[BUG] acme.cert fails with OpenSSL error only when using salt tls module #59179
Comments
In OpenBSD 6.8 I have the same problem but with the default endpoint
When I implement the "Fix" (setting to "if False") then a new error pops up:
It worked in 6.6, then I updated to 6.8 and it broke |
I have to apply that "if False"-fix. The date-issue is something else. To get it working on OpenBSD 6.8 I have to change it to this:
```python
#if "tls.cert_info" in __salt__:
if False:
    expiry = __salt__["tls.cert_info"](cert_file).get("not_after", 0)
## Cobble it together using the openssl binary
else:
    openssl_cmd = "openssl x509 -in {0} -noout -enddate".format(cert_file)
    # No %e format on my Linux'es here
    #strptime_sux_cmd = 'date --date="$({0} | cut -d= -f2)" +%s'.format(openssl_cmd)
    strptime_sux_cmd = '{0} | cut -d= -f2'.format(openssl_cmd)
    expiry = __salt__['cmd.shell'](strptime_sux_cmd, output_loglevel='quiet')
    #expiry = float(__salt__["cmd.shell"](strptime_sux_cmd, output_loglevel="quiet"))
    # expiry = datetime.datetime.strptime(expiry.split('=', 1)[-1], '%b %e %H:%M:%S %Y %Z')
return datetime.datetime.strptime(expiry, '%b %d %H:%M:%S %Y %Z')
#return datetime.datetime.fromtimestamp(expiry)
```
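An added example, not part of the thread and not Salt's own code: the same expiry lookup done without the `date`/`cut` shell pipeline, so it does not depend on GNU `date` and the certificate path never passes through a shell. The function names are hypothetical, the sample line is constructed, and it assumes `openssl x509 -enddate` prints an English month name and a `GMT` zone.

```python
import datetime
import subprocess

# Layout of the value after "notAfter=", e.g. "Jan  5 12:00:00 2021 GMT".
# Single-digit days are space-padded; %d accepts that, %e does not exist in Python.
# %b follows the process locale, so this assumes the C/English month names.
ENDDATE_FORMAT = "%b %d %H:%M:%S %Y"


def parse_enddate(output):
    """Turn openssl's `notAfter=...` line into a timezone-aware UTC datetime."""
    line = output.strip()
    key, sep, value = line.partition("=")
    if key != "notAfter" or not sep:
        # openssl error text (unreadable file, not a certificate) ends up here
        raise ValueError("unexpected openssl output: {!r}".format(line))
    stamp, _, zone = value.strip().rpartition(" ")
    if zone != "GMT":  # assumption: openssl reports certificate times in GMT
        raise ValueError("unexpected time zone: {!r}".format(zone))
    parsed = datetime.datetime.strptime(stamp, ENDDATE_FORMAT)
    return parsed.replace(tzinfo=datetime.timezone.utc)


def cert_enddate(cert_file):
    """Ask the openssl binary for the expiry, passing the path as one argument."""
    result = subprocess.run(
        ["openssl", "x509", "-in", cert_file, "-noout", "-enddate"],
        check=True,
        stdout=subprocess.PIPE,
        universal_newlines=True,
    )
    return parse_enddate(result.stdout)


def days_left(expiry, now):
    """Whole days until expiry; negative once the certificate has expired."""
    return (expiry - now).days


if __name__ == "__main__":
    sample = "notAfter=Jan  5 12:00:00 2021 GMT\n"  # constructed sample line
    expiry = parse_enddate(sample)
    now = datetime.datetime(2020, 12, 6, 12, 0, tzinfo=datetime.timezone.utc)
    print(expiry.isoformat(), days_left(expiry, now))
```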
@nielsek just FYI, a cleaner workaround that I'm using is to set
```
disable_modules:
  - tls
```
in minion config via salt-formula. Although it seems that you are having issues with more than just the tls module. |
@nielsk -^ |
Thanks. I will do a pull request for the date problem. |
Any fixes for this problem? I am running into the same issue... |
Description
When obtaining certificates using acme.cert with my internal acme server, I receive a traceback. I am using https://github.com/smallstep/certificates to run this acme server. Certificates obtained for the normal letsencrypt servers work just fine.
Setup
Steps to Reproduce the behavior
acme.cert
acme.cert works perfectly when I force the acme module to use openssl by setting salt/salt/modules/acme.py (Line 87 in 214ae8a) to if False:
Expected behavior
acme.cert should obtain a certificate successfully as using the cli works fine.
Versions Report
salt --versions-report
```
Salt Version:
Salt: 3002.2

Dependency Versions:
cffi: 1.11.5
cherrypy: Not Installed
dateutil: 2.6.1
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
Jinja2: 2.10.1
libgit2: 0.26.8
M2Crypto: 0.35.2
Mako: Not Installed
msgpack: 0.6.2
msgpack-pure: Not Installed
mysql-python: Not Installed
pycparser: 2.14
pycrypto: Not Installed
pycryptodome: Not Installed
pygit2: 0.26.4
Python: 3.6.8 (default, Aug 24 2020, 17:57:11)
python-gnupg: Not Installed
PyYAML: 3.12
PyZMQ: 19.0.0
smmap: Not Installed
timelib: Not Installed
Tornado: 4.5.3
ZMQ: 4.3.3
System Versions:
dist: centos 8
locale: UTF-8
machine: x86_64
release: 5.4.78-2-pve
system: Linux
version: CentOS Linux 8
```