Hello everyone,
I have a certificate renewal problem with dehydrated.
I get an error message (I have replaced my domain and IP with ***):
[root@www1 ~]# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
Processing mail.***.com
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Feb 24 12:26:19 2022 GMT (Less than 30 days). Renewing!
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for mail.***.com
+ 1 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for mail.***.com authorization...
+ Cleaning challenge tokens...
+ Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01 "
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:unauthorized"
["error","detail"] "Invalid response from https://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA [**.**.**.195]:\"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eForbidden\u003c/h1\u003e\\n\u003cp\""
["error","status"] 403
["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from https://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA [**.**.**.195]: \"\u003c!DOCTYPE HTML PUBLIC\\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eForbidden\u003c/h1\u003e\\n\u003cp\"","status":403}
["url"] "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1741213068/FD0tkQ"
["token"] "FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA"
["validationRecord",0,"url"] "http://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA"
["validationRecord",0,"hostname"] "mail.***.com"
["validationRecord",0,"port"] "80"
["validationRecord",0,"addressesResolved",0] "**.**.**.195"
["validationRecord",0,"addressesResolved"] ["**.**.**.195"]
["validationRecord",0,"addressUsed"] "**.**.**.195"
["validationRecord",0] {"url":"http://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA","hostname":"mail.***.com","port":"80","addressesResolved":["**.**.**.195"],"addressUsed":"**.**.**.195"}
["validationRecord",1,"url"] "https://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA"
["validationRecord",1,"hostname"] "mail.***.com"
["validationRecord",1,"port"] "443"
["validationRecord",1,"addressesResolved",0] "**.**.**.195"
["validationRecord",1,"addressesResolved"] ["**.**.**.195"]
["validationRecord",1,"addressUsed"] "**.**.**.195"
["validationRecord",1] {"url":"https://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA","hostname":"mail.***.com","port":"443","addressesResolved":["**.**.**.195"],"addressUsed":"**.**.**9.195"}
["validationRecord"] [{"url":"http://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA","hostname":"mail.***.com","port":"80","addressesResolved":["**.**.**.195"],"addressUsed":"**.**.**.195"},{"url":"https://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA","hostname":"mail.***.com","port":"443","addressesResolved":["**.**.**.195"],"addressUsed":"**.**.**.195"}]
["validated"] "2022-02-22T17:36:09Z")
So I searched, and I have exactly the problem described in this topic:
https://forums.koozali.org/index.php/topic,53147.0.html and the solution in the Let's Encrypt wiki...
If I look at my http error_log file, I see this:
[core:error] [pid 17454] (13)Permission denied: [client 18.196.102.134:50528] AH00035: access to /.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA denied (filesystem path '/home/e-smith/files/ibays/Primary/html/.well-known') because search permissions are missing on a component of the path, referer: http://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA
[Tue Feb 22 18:36:10.980985 2022] [core:error] [pid 17457] (13)Permission denied: [client 18.236.228.243:34940] AH00035: access to /.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA denied (filesystem path '/home/e-smith/files/ibays/Primary/html/.well-known') because search permissions are missing on a component of the path, referer: http://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA
[Tue Feb 22 18:36:11.243918 2022] [core:error] [pid 17458] (13)Permission denied: [client 66.133.109.36:60598] AH00035: access to /.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA denied (filesystem path '/home/e-smith/files/ibays/Primary/html/.well-known') because search permissions are missing on a component of the path, referer: http://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA
[Tue Feb 22 18:36:44.070914 2022]
This still matches the problem described in the Let's Encrypt wiki.
So next I follow the read/write permission checks as described:
[root@www1 Primary]# cd /home/e-smith/files/ibays
[root@www1 ibays]# ls -l
total 0
drwxr-xr-x. 5 root root 46 20 oct. 2014 Primary
My permissions look correct, presumably?
To be safe, I reset the permissions to the correct values anyway:
chown root:root Primary
[root@www1 ibays]# chmod 0755 Primary
Then I check the permissions of the html folder:
[root@www1 ibays]# cd /home/e-smith/files/ibays/Primary
[root@www1 Primary]# ls -l
total 0
drwxr-s---. 2 admin shared 6 20 oct. 2014 cgi-bin
drwxr-s---. 2 admin shared 6 20 oct. 2014 files
drwxr-s---. 3 admin shared 42 2 janv. 2018 html
They look correct as well..
I reset them anyway:
[root@www1 Primary]# chown admin:shared html
[root@www1 Primary]# chmod 2750 html
I rerun the dehydrated script and I get the same error message as at the beginning...
What other tests/steps can I try to sort this out? I am rather new to the Linux world.
It is all the more strange because I don't remember modifying/installing anything in particular recently.
Thank you for your help.
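
The AH00035 lines above report missing search permission "on a component of the path", while the checks in the post cover only Primary and html. As an added example (not part of the original post), this script walks every directory component of a path and prints the first one whose mode bits deny search to a given account; the script name and the account passed to it are assumptions, to be replaced with the user Apache runs as.

```shell
#!/bin/sh
# Added example, not from the original post. Evaluates classic mode bits only:
# POSIX ACLs and SELinux contexts are not checked, and root's bypass is ignored.

# has_search DIR UID "GID ..." : true if owner/group/other bits grant search (x).
has_search() {
    _meta=$(stat -c '%a %u %g' "$1") || return 2   # GNU stat: mode, uid, gid
    _uid=$2 _gids=$3
    set -- $_meta
    _perm=$((0$1))                                 # read the mode as octal
    if [ "$_uid" = "$2" ]; then
        _bit=$((_perm & 0100))                     # owner class
    elif case " $_gids " in *" $3 "*) true ;; *) false ;; esac; then
        _bit=$((_perm & 0010))                     # group class
    else
        _bit=$((_perm & 0001))                     # other class
    fi
    [ "$_bit" -ne 0 ]
}

# first_blocked PATH [USER] : print the first directory component of PATH that
# USER (default: the current user) cannot search; print nothing if none blocks.
first_blocked() {
    _path=$1
    _u=$(id -u ${2:+"$2"}) || return 2
    _g=$(id -G ${2:+"$2"}) || return 2
    case $_path in /*) _cur= ;; *) _cur=. ;; esac
    _ifs=$IFS; IFS=/; set -f
    set -- $_path                                  # split the path on "/"
    set +f; IFS=$_ifs
    for _part in "$@"; do
        [ -n "$_part" ] || continue
        _cur=$_cur/$_part
        [ -d "$_cur" ] || break                    # stop at a file or missing entry
        has_search "$_cur" "$_u" "$_g" || { printf '%s\n' "$_cur"; return 1; }
    done
    return 0
}

# Usage (APACHE_USER is a placeholder for the account Apache runs as):
#   sh check-path.sh /home/e-smith/files/ibays/Primary/html/.well-known APACHE_USER
if [ $# -gt 0 ]; then first_blocked "$@"; fi
```

Run it as root so that every component can be inspected; `namei -l` on the same path prints the mode, owner and group of each component for comparison.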