security/acme-client: ProxmoxVE automation didn't start #3790

Closed
3 tasks done
kanata3249 opened this issue Feb 3, 2024 · 5 comments

@kanata3249

kanata3249 commented Feb 3, 2024

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug

os-acme-client 4.0 ProxmoxVE automation didn't start.

OPNsense\AcmeClient\LeAutomation\runAcme() stops at this line

To Reproduce
Steps to reproduce the behavior:

  1. Set up an automation with Run Command "Upload certificate to Proxmox VE".
  2. Add the newly created automation to the certificate that was already issued.
  3. "Run automations" for the certificate in certificate list.

Expected behavior

The ACME deploy hook should start and store some logs in "ACME Log".

Relevant log files

Systemlog

2024-02-03T23:56:18 | opnsense | AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --deploy --syslog 7 --debug 3 --server 'https://acme.home.arpa/acme/acme/directory' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/65bda0274ad018.06230787' --certpath '/var/etc/acme-client/certs/65bda0274ad018.06230787/cert.pem' --keypath '/var/etc/acme-client/keys/65bda0274ad018.06230787/private.key' --capath '/var/etc/acme-client/certs/65bda0274ad018.06230787/chain.pem' --fullchainpath '/var/etc/acme-client/certs/65bda0274ad018.06230787/fullchain.pem' --domain 'holodeck.home.arpa' --deploy-hook proxmoxve
2024-02-03T23:56:18 | opnsense | AcmeClient: running automation (acme.sh): xxx
2024-02-03T23:56:18 | opnsense | AcmeClient: running automations for certificate: holodeck.home.arpa

ACME Log

nothing

Environment

OPNsense 24.1(amd64).
os-acme-client 4.0

@fraenki fraenki changed the title os-acme-client 4.0 ProxmoxVE automation didn't start. security/acme-client: ProxmoxVE automation didn't start Feb 7, 2024
@fraenki fraenki self-assigned this Feb 7, 2024
@fraenki
Member

fraenki commented Feb 7, 2024

Please switch Log Level to "debug 3" in Services->ACME Client->Settings and try again. The ACME Log really should not be empty. (Note that debug logging causes the log to look somewhat scrambled in the GUI, this is expected.)

@fraenki fraenki added the bug Production bug label Feb 7, 2024
fraenki added a commit to fraenki/plugins that referenced this issue Feb 7, 2024
@fraenki
Member

fraenki commented Feb 7, 2024

OK, I think I found the bug. You should have an error in crash reporter:

[07-Feb-2024 10:37:11 Europe/Berlin] PHP Fatal error:  Uncaught TypeError: proc_open(): Argument #2 ($descriptor_spec) must be of type array, null given in /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAutomation/Base.php:133

You may apply this patch and try again:

opnsense-patch -c plugins 84644d4a
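
The failure mode diagnosed above, as an added example that is not part of the original comment or the os-acme-client code: on PHP 8 a null `$descriptor_spec` makes `proc_open()` throw a `TypeError` before the command is started, so the call needs a valid spec and the error needs to be surfaced. The helper name `run_command` and the demo command are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from os-acme-client): run a command with a
// guaranteed descriptor spec and report failures instead of dying silently.
function run_command(array $argv, ?array $descriptors): array
{
    // PHP 8 throws TypeError when $descriptor_spec is null, so fall back
    // to a known-good spec before calling proc_open().
    $descriptors ??= [
        0 => ['pipe', 'r'],  // child's stdin
        1 => ['pipe', 'w'],  // child's stdout
        2 => ['pipe', 'w'],  // child's stderr
    ];
    try {
        // Array form of $command (PHP >= 7.4) bypasses the shell, so values
        // such as domain names or paths are never shell-interpreted.
        $proc = proc_open($argv, $descriptors, $pipes);
    } catch (\TypeError | \ValueError $e) {
        return ['ok' => false, 'exit' => -1, 'out' => '', 'err' => $e->getMessage()];
    }
    if (!is_resource($proc)) {
        return ['ok' => false, 'exit' => -1, 'out' => '', 'err' => 'proc_open failed'];
    }
    if (isset($pipes[0])) {
        fclose($pipes[0]);   // nothing to send on stdin
    }
    $io = ['out' => '', 'err' => ''];
    // Sequential reads suit small outputs; large stderr needs stream_select().
    foreach ([1 => 'out', 2 => 'err'] as $fd => $key) {
        if (isset($pipes[$fd])) {
            $io[$key] = stream_get_contents($pipes[$fd]);
            fclose($pipes[$fd]);
        }
    }
    $exit = proc_close($proc);   // child's exit status
    return ['ok' => $exit === 0, 'exit' => $exit] + $io;
}

// Constructed demo: a null spec, fatal in the report above, is handled here.
$result = run_command(['/bin/sh', '-c', 'echo deployed; exit 0'], null);
printf("ok=%s exit=%d out=%s", var_export($result['ok'], true), $result['exit'], $result['out']);
```

Logging the returned `err` and `exit` values gives an operator a record in the application log when a deploy hook fails to launch, rather than only an entry in the crash reporter.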

@kanata3249
Author

Thank you for your response.

With your patch, acme.sh deploy hook started.
Automation for Proxmox VE now works fine.

2024-02-07T19:27:11 | [Wed Feb 7 19:27:11 JST 2024] Success
2024-02-07T19:27:11 | [Wed Feb 7 19:27:11 JST 2024] _ret='0'
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.5sFeRD75 -g '
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] _post_url='https://holodeck-i11400.home.arpa:8006/api2/json/nodes/holodeck-i11400/certificates/custom'
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] POST
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] TARGET_URL='https://holodeck-i11400.home.arpa:8006/api2/json/nodes/holodeck-i11400/certificates/custom'
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] _cfullchain='/var/etc/acme-client/cert-home/65bda0274ad018.06230787/holodeck.home.arpa/fullchain.cer'
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] _cca='/var/etc/acme-client/cert-home/65bda0274ad018.06230787/holodeck.home.arpa/ca.cer'
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] _ccert='/var/etc/acme-client/cert-home/65bda0274ad018.06230787/holodeck.home.arpa/holodeck.home.arpa.cer'
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] _cdomain='holodeck.home.arpa'
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] _deployApi='/usr/local/share/examples/acme.sh/deploy/proxmoxve.sh'
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] DOMAIN_PATH='/var/etc/acme-client/cert-home/65bda0274ad018.06230787/holodeck.home.arpa'
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] ACME_DIRECTORY='https://acme.home.arpa/acme/acme/directory'
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] Using config home:/var/etc/acme-client/home
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] Running cmd: deploy
2024-02-07T19:27:10 | [Wed Feb 7 19:27:10 JST 2024] Using server: https://acme.home.arpa/acme/acme/directory

@Staticznld

Can confirm patch is working!
Automations to deploy to Synology NAS now working again!

@fraenki
Member

fraenki commented Feb 7, 2024

Thanks for testing, I'll close this issue. This bugfix will be available in the upcoming os-acme-client 4.1.

@fraenki fraenki closed this as completed Feb 7, 2024
@opnsense opnsense locked as resolved and limited conversation to collaborators Feb 7, 2024