Comments (11)
Hi,
I see two possible causes:
- The call is blocked by your firewall or you are using a proxy
- The CA of the inwx api certificate is not trusted on your server
Can you try if you can make https calls to the inwx api on that machine at all? For example:
curl "https://api.domrobot.com/xmlrpc/"
should print
<?xml version="1.0" encoding="UTF-8"?><methodResponse><fault><value><struct><member><name>faultString</name><value><string>parse error. not well formed.
error occurred at line 1, column 0, byte index -1</string></value></member><member><name>faultCode</name><value><int>-32700</int></value></member></struct></value></fault></methodResponse>
from letsencrypt-inwx.
Response:
<?xml version="1.0" encoding="UTF-8"?><methodResponse><fault><value><struct><member><name>faultString</name><value><string>parse error. not well formed.
error occurred at line 1, column 0, byte index -1</string></value></member><member><name>faultCode</name><value><int>-32700</int></value></member></struct></value></fault></methodResponse>
from letsencrypt-inwx.
The only real difference to the other servers - where it's working fine - is that on this server I have OpenSSL 1.1.1 Pre8 installed instead of the Debian 9 default (I think it's 1.0.2f). Does it use systems OpenSSL? Could that be a problem?
from letsencrypt-inwx.
Yes it uses reqwest for http(s) requests which itself uses rust-openssl which uses your system openssl library. So that might be the issue. To be sure you can download the new 1.0.2 version I just pushed which should print out more useful error messages in your case. I think your only option would be to compile letsencrypt-inwx yourself on that server if openssl should be the problem.
from letsencrypt-inwx.
Output:
Creating TXT record...
=> Error: The inwx api call failed: Could not connect to the inwx api: https://api.domrobot.com/xmlrpc/: The OpenSSL library reported an error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1191:
Seems like I have to compile. I tried that yesterday before I used the .deb, but I think it hang on openssl compile - but I could be wrong. I will try again.
from letsencrypt-inwx.
I still have openssl_1.1.0f on the system. Is it somehow possible to use /usr/bin/openssl_1.1.0f instead of /usr/bin/openssl without compiling?
from letsencrypt-inwx.
Maybe I should put that a new issue, but this is what happens when I compile:
error: failed to run custom build command for `openssl v0.9.24`
process didn't exit successfully: `/root/letsencrypt-inwx/target/release/build/openssl-51b12a3c459663c2/build-script-build` (exit code: 101)
--- stderr
thread 'main' panicked at 'Unable to detect OpenSSL version', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.9.24/build.rs:16:14
note: Run with `RUST_BACKTRACE=1` for a backtrace.
from letsencrypt-inwx.
I don't know much about binary openssl compatibility.
Concerning the compile error: Do you have openssl-devel
and pkg-config
installed?
from letsencrypt-inwx.
Both are installed and functionally
from letsencrypt-inwx.
Hi,
I have solved my problem. I have reinstalled my Debian 9 and left the default OpenSSL version of it untouched. I could not use your .deb due to you strictly requiring libssl1.0.0 which is not available for many new Linux distributions including Debian 9. So I build my own .deb installed it and it works just fine.
I would recommend that you investigate making your plugin compatible with OpenSSL1.1.1, because it probability will be adopted pretty fast by many distributions due to it's support of TLS1.3.
Still, thank you really much for your help and fast responses! Keep the great work up!
from letsencrypt-inwx.
Nice to hear that you could solve your problem. The thing is that this project does not use openssl directly. It only uses rust-openssl as an indirect dependency so we have to wait for them to support new openssl versions. At least openssl 1.1.0 seems to be supported according to their Readme.
from letsencrypt-inwx.
Related Issues (13)
- .deb installation fails on Debian 8 HOT 2
- Dependencies seem a bit excessive HOT 2
- tool hangs on first run HOT 2
- Error: nameserver.list: Domain not found HOT 1
- Error: There is no nameserver for the specified domain HOT 8
- dns-01 challenge hangs HOT 10
- No support for Two-Factor-Auth?
- Certificate creation fails because No TXT record found HOT 13
- crates.io HOT 1
- Offer prebuilt binaries and link against musl libc HOT 1
- Please do not hardcode place of config file, read config-dir or allow override HOT 1
- Feature: follow CNAME records or allow to define CNAME of _acme-challenge.example.com HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from letsencrypt-inwx.