Skip to content

Authorize multiple hostnames at once, issue certificates one by one (order file not found) #45

Open
Open
Authorize multiple hostnames at once, issue certificates one by one (order file not found)#45
Labels
bugSomething isn't working
Milestone
Backlog
@piraz

Description

@piraz
piraz
opened on Nov 18, 2020

With manuale it was possible to authorize multiple hostnames at once and issue certificates one by one. On automatoes the below happens (slightly edited to condense and hide the actual domains used):

$ manuale authorize foo.example.com bar.example.com quux.example.com
Candango Automatoes 0.9.1. Manuale replacement.

Authorizing foo.example.com, bar.example.com, quux.example.com.
  Requesting challenge for foo.example.com.
  Requesting challenge for bar.example.com.
  Requesting challenge for quux.example.com.

  DNS verification required. Make sure these TXT records are in place:
    _acme-challenge.foo.example.com.  IN TXT  "KT..."
    _acme-challenge.bar.example.com.  IN TXT  "WW..."
    _acme-challenge.quux.example.com.  IN TXT  "KV..."

Press Enter to continue.
  foo.example.com: waiting for verification. Checking in 5 seconds.
  foo.example.com: OK! Authorization lasts until 2020-06-13T22:37:49Z.
  bar.example.com: waiting for verification. Checking in 5 seconds.
  bar.example.com: OK! Authorization lasts until 2020-06-13T22:37:49Z.
  quux.example.com: waiting for verification. Checking in 5 seconds.
  quux.example.com: OK! Authorization lasts until 2020-06-13T22:37:49Z.
  3 domain(s) authorized. Let's Encrypt!
$

$ manuale -v issue foo.example.com
Candango Automatoes 0.9.1. Manuale replacement.

Orders path found at /path/to/my/orders.
Searching order file /path/to/my/orders/<hash>/order.json.
 ERROR: Order file not found. Please run before: manuale authorize foo.example.com
$

It appears the hash used in constructing the orders file path is made from all the hostnames in the authorization phase. Thus the orders are not found when trying to request a certificate for only one of the names because the hash is not the same. If the ACME v2 API allows breaking up authorizations made at once into multiple different certs, it would be nice if automatoes also supported that.
-- oh2kku

See cache at: https://web.archive.org/web/20200930225633/https://github.com/candango/automatoes/issues/45

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions