domain-list: #332

Open
seannaswell opened this issue May 17, 2022 · 3 comments
@seannaswell

Running into a weird issue that is most certainly user error, would greatly appreciate some feedback...

Running `certgrinder -c ~/certgrinder.conf get certificate` to test setup, which results in one of two errors, depending on how `domain-list:` is formatted.

When formatted as

```
domain-list: "example.com"
```

I receive the following error:

```
[certgrinder@proxy /]$ certgrinder -c ~/certgrinder.conf get certificate
Traceback (most recent call last):
  File "/usr/local/bin/certgrinder", line 33, in <module>
    sys.exit(load_entry_point('certgrinder==0.17.2', 'console_scripts', 'certgrinder')())
  File "/usr/local/lib/python3.8/site-packages/certgrinder/certgrinder.py", line 2232, in main
    certgrinder.grind(args)
  File "/usr/local/lib/python3.8/site-packages/certgrinder/certgrinder.py", line 1799, in grind
    assert isinstance(self.conf["domain-list"], list)
AssertionError
```

However, when formatted as

```
domain-list:
- "example.com"
```

the following ssh error appears, apparently related to having an illegal "-" in the command.

```
[certgrinder@proxy /]$ certgrinder -c ~/certgrinder.conf get certificate
2022-05-17 06:12:50 -0600 certgrinder INFO Getting new certificate for domainset ['example.com'] ...
2022-05-17 06:12:50 -0600 certgrinder WARNING ssh: illegal option -- -
.....
2022-05-17 06:12:50 -0600 certgrinder ERROR Did not get any output, expected a certificate chain in stdout from certgrinderd
```

This is on FreeBSD 13.0, client has stock ssh/d_configs, server slightly modified but I'm not sure how that could cause this.

Any idea what I am doing wrong?

@seannaswell
Author

Update: After further testing, it appears the issue is not the " - " in the domain-list directive.

Commenting out the `domain-list:` directive in certgrinder.conf, and instead issuing `certgrinder -c ~/certgrinder.conf --domain-list example.com get certificate` produces the same ssh error:

```
2022-05-17 19:43:20 -0600 certgrinder INFO Getting new certificate for domainset ['example.com'] ...
2022-05-17 19:43:20 -0600 certgrinder WARNING ssh: illegal option -- -
......
2022-05-17 19:43:20 -0600 certgrinder ERROR Did not get any output, expected a certificate chain in stdout from certgrinderd
```

The certgrinder client can log in to the certgrinderd server, and the error stops the ssh process before attempting to connect to the server. Any idea what the ssh error might be referring to?

@seannaswell
Author

Just FYI: Installed from pip, and the only directives configured in certgrinder.conf are `path:` and `certgrinderd:`, everything else commented out.

@seannaswell
Author

And lastly, the output of debug:

```
2022-05-17 22:13:24 -0600 certgrinder DEBUG Certgrinder.run_certgrinderd():709: Running certgrinderd command: ['ssh', 'certgrinderd@my.certgrinderd.server', '-T', '--log-level', 'DEBUG', '--acme-server-url', 'https://acme-staging-v02.api.letsencrypt.org/directory', '--preferred-chain', 'Fake_LE_Root_X1', 'get', 'certificate']
2022-05-17 22:13:24 -0600 certgrinder WARNING Certgrinder.run_certgrinderd():745: ssh: illegal option -- -
.....
2022-05-17 22:13:24 -0600 certgrinder ERROR Certgrinder.get_certificate():888: Did not get any output, expected a certificate chain in stdout from certgrinderd
```
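
Added example, not part of the original issue and not certgrinder or OpenSSH code: a small model of getopt(3)-style option scanning applied to the argv from the DEBUG line above, showing that the token `--log-level` is what produces `illegal option -- -`. It assumes option scanning resumes after the destination (consistent with `-T` being accepted there) and uses only a small subset of ssh's short options; `scan_ssh_argv` and `ISSUE_ARGV` are names made up for this illustration.

```python
# Added illustration; not certgrinder or OpenSSH source.
# Assumption: a small subset of real ssh(1) short options, enough for this argv.
FLAGS = set("46CNTqv")    # options that take no argument
WITH_ARG = set("Filop")   # -F -i -l -o -p take one argument


def scan_ssh_argv(argv):
    """Model getopt(3)-style scanning that resumes after the destination.

    Returns (ssh_options, destination, remote_command, error).
    """
    opts, dest, i = [], None, 1           # argv[0] is "ssh"
    while i < len(argv):
        tok = argv[i]
        if tok == "--":                   # explicit end of options
            i += 1
            break
        if len(tok) < 2 or tok[0] != "-":
            if dest is not None:          # first word of the remote command
                break
            dest, i = tok, i + 1
            continue
        j = 1
        while j < len(tok):               # walk a cluster such as "-Tv"
            ch = tok[j]
            if ch in FLAGS:
                opts.append("-" + ch)
                j += 1
            elif ch in WITH_ARG:
                arg = tok[j + 1:]
                if not arg:               # argument is the next token
                    i += 1
                    arg = argv[i] if i < len(argv) else ""
                opts.append(f"-{ch} {arg}")
                break
            else:                         # reported as "illegal option -- X"
                return opts, dest, [], f"ssh: illegal option -- {ch}"
        i += 1
    if dest is None and i < len(argv):
        dest, i = argv[i], i + 1
    return opts, dest, argv[i:], None


# argv copied from the DEBUG line in the issue
ISSUE_ARGV = ["ssh", "certgrinderd@my.certgrinderd.server", "-T", "--log-level", "DEBUG",
              "--acme-server-url", "https://acme-staging-v02.api.letsencrypt.org/directory",
              "--preferred-chain", "Fake_LE_Root_X1", "get", "certificate"]
print(scan_ssh_argv(ISSUE_ARGV)[3])
```

In this model, scanning only stops at the first word after the destination that does not begin with `-`, so every dash-prefixed token before such a word is treated as an ssh option rather than as part of the remote command.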
