acme-client: DNS-01/nsupdate: doesn't allow FQDN in the name #70
Comments

Same problem, it is not possible to use a name like srv-1.example.com

Same issue when my FQDN contains a hyphen. Is it possible to modify the field validation?

Thanks for the report, I'm preparing a fix.

A fix is included in PR #71.

Can you clarify the nsupdate secret key field?

@lrosenman: You need to put in the whole key file, see the example in my initial PR #66. I'll fix the help text, though.

@fraenki Thanks!

Thanks!

FYI, the fix will be available on Thursday with OPNsense 17.1.1 :)

When you put a FQDN in a certificate name request, you get: Should be a string between 1 and 255 characters.
If you remove all the special characters (INCLUDING PERIODS(!!)), it sends the unqualified name as the CN= to LE, and gets a 400 error:
[Sun Feb 5 00:00:07 CST 2017] new-authz error: {"type":"urn:acme:error:malformed","detail":"DNS name does not have enough labels","status": 400}
[Sun Feb 5 00:00:07 CST 2017] The new-authz request is ok.
This makes it IMPOSSIBLE to generate a certificate.

Also, it is unclear what is supposed to go in the secret field of the validation request. The whole key file, or just the secret, or what?