Update to latest version of acmesmith #35379
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ACMEv1 is being end-of-lifed, which as of this month means it will now refuse to allocate new domains:
$ RAILS_ENV=adhoc bundle exec rake adhoc:start
RAILS_ENV=adhoc RACK_ENV=adhoc bundle exec ./update_certs adhoc-mikewu.cdn-code.org adhoc-mikewu-studio.cdn-code.org origin-adhoc-mikewu.cdn-code.org
rake aborted!
'RAILS_ENV=adhoc RACK_ENV=adhoc bundle exec ./update_certs adhoc-mikewu.cdn-code.org adhoc-mikewu-studio.cdn-code.org origin-adhoc-mikewu.cdn-code.org' returned 1
Authorizing SSL certificates for adhoc-mikewu.cdn-code.org
bundler: failed to load command: ./update_certs (./update_certs)
Acme::Client::Error::Unauthorized: Error creating new authz :: Validations for new domains are disabled in the V1 API (https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430)
[CDO]/.bundle/bundle/ruby/2.5.0/gems/acme-client-1.0.0/lib/acme/client/faraday_middleware.rb:43:in `raise_on_error!'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/acme-client-1.0.0/lib/acme/client/faraday_middleware.rb:33:in `on_complete'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/acme-client-1.0.0/lib/acme/client/faraday_middleware.rb:18:in `block in call'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/faraday-0.15.4/lib/faraday/response.rb:61:in `on_complete'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/acme-client-1.0.0/lib/acme/client/faraday_middleware.rb:18:in `call'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/faraday-0.15.4/lib/faraday/rack_builder.rb:143:in `build_response'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/faraday-0.15.4/lib/faraday/connection.rb:387:in `run_request'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/faraday-0.15.4/lib/faraday/connection.rb:175:in `post'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/acme-client-1.0.0/lib/acme/client.rb:69:in `authorize'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/acmesmith-0.11.1/lib/acmesmith/acme_client.rb:21:in `block in authorize'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/acmesmith-0.11.1/lib/acmesmith/acme_client.rb:51:in `retry_once_on_bad_nonce'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/acmesmith-0.11.1/lib/acmesmith/acme_client.rb:20:in `authorize'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/acmesmith-0.11.1/lib/acmesmith/client.rb:25:in `block in authorize'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/acmesmith-0.11.1/lib/acmesmith/client.rb:24:in `map'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/acmesmith-0.11.1/lib/acmesmith/client.rb:24:in `authorize'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/acmesmith-0.11.1/lib/acmesmith/command.rb:19:in `authorize'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
[CDO]/.bundle/bundle/ruby/2.5.0/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
[CDO]/aws/cloudformation/update_certs:35:in `block in <top (required)>'
[CDO]/aws/cloudformation/update_certs:34:in `each'
[CDO]/aws/cloudformation/update_certs:34:in `rescue in <top (required)>'
[CDO]/aws/cloudformation/update_certs:30:in `<top (required)>'
Tasks: TOP => adhoc:start
(See full trace by running task with --trace)
Fortunately, updating is relatively simple! The most significant change is that new acme wants you to define a [directory rather than an endpoint](https://github.com/sorah/acmesmith#configuration); updating our local config file seems to be sufficient.
I should note that it's not 100% clear to me that `/directory` is actually the directory that we want, but I was successfully able to spin up an adhoc with it set to that value.
wjordan
approved these changes
Jun 17, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ACMEv1 is being end-of-lifed, which as of this month means it will now refuse to allocate new domains:
Fortunately, updating is relatively simple! The most significant change is that new acme wants you to define a directory rather than an endpoint; updating our local config file seems to be sufficient.
I should note that it's not 100% clear to me that
/directoryis actually the directory that we want, but I was successfully able to spin up an adhoc with it set to that value.Testing story
With these changes, I was successfully able to initialize an adhoc from #35371: https://adhoc-mikewu.cdn-code.org/
Reviewer Checklist: