Check CAA record and /var/lib/ACME/accounts before cmdeploy run / cmdeploy dns #317
E.g., a check in the beginning of
|
Just make sure not to reintroduce #288. |
I have fresh Debian 12 on VPS:
When I try to deploy, I got an Error:
I am a little confused.... Can you give me some advice, what could I check? |
Hi Adam, thanks a lot for your report.
I assume you are using latest "main" for running 'cmdeploy run'.
Could it be that your server has network/firewall restrictions?
The remote_funcs.py:59 line tries to connect to "notifications.delta.chat"
but uses port "1" (a bit random, yes) --
can you change the "1" to "443" and see if it passes?
The function in question tries to determine a host's IP - address
but see #336 for a discussion
to drop this way of detecting IP addresses completely.
Still interesting to know if "443" would let your "cmdeploy run" successfully.
…On Wed, Jul 10, 2024 at 00:43 -0700, Adam Jurkiewicz Pythonista wrote:
```
***@***.***:~/chatmail$ scripts/cmdeploy run
[ssh] login to deltachat.jurkiewicz.chat
Checking DNS entries .20240710033914 [CRITICAL] acmetool: fatal: get account URL: HTTP error: 400 Bad Request
(problem (type "urn:ietf:params:acme:error:accountDoesNotExist") (instance "") (id <nil>) (title ""): (detail "No account exists with the provided key"))
...Traceback (most recent call last):
File "/home/adasiek/chatmail/venv/bin/cmdeploy", line 8, in <module>
sys.exit(main())
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/cmdeploy.py", line 299, in main
res = args.func(args, out, **kwargs)
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/cmdeploy.py", line 56, in run_cmd
retcode, remote_data = show_dns(args, out)
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/dns.py", line 21, in show_dns
remote_data = sshexec(remote_funcs.perform_initial_checks, mail_domain=mail_domain)
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/sshexec.py", line 16, in __call__
code, data = self._remote_cmdloop_channel.receive(timeout=self.timeout)
File "/home/adasiek/chatmail/venv/lib/python3.10/site-packages/execnet/gateway_base.py", line 934, in receive
raise self._getremoteerror() or EOFError()
execnet.gateway_base.RemoteError: Traceback (most recent call last):
File "<string>", line 1291, in executetask
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/remote_funcs.py", line 104, in <module>
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/remote_funcs.py", line 42, in perform_initial_checks
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/remote_funcs.py", line 59, in get_ip_address
OSError: [Errno 101] Network is unreachable
```
I am a little confused.... Can you give me some advice, what could I check?
|
Yes.. 'main' branch.
I have made modification...:
I can connect from my Debian:
And now the error is:
The strange behavior is - I cannot see any of my print from code.... what next? |
Maybe there is a problem, that, I run cmdeploy few weeks ago on Ubuntu 24.04 and that domain - so there is already a Letsencrypt SSL cert generated for domain: 'jurkiewicz.chat' ? |
If you modify remote_func.py locally you can use the "log()" function
instead of print -- maybe we'll just replace the "print" function so it
would just work ;)
You can then run "cmdeploy dns -v"
to see progress/log-output from the remotely executing functions.
…On Wed, Jul 10, 2024 at 04:02 -0700, Adam Jurkiewicz Pythonista wrote:
Yes.. 'main' branch.
My firewall on Debian is simple:
```
***@***.***:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
Anywhere ALLOW IN 188.68.237.191
Anywhere ALLOW IN 172.30.0.0/24
80 ALLOW IN Anywhere
443 ALLOW IN Anywhere
587 ALLOW IN Anywhere
465 ALLOW IN Anywhere
143 ALLOW IN Anywhere
993 ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
80 (v6) ALLOW IN Anywhere (v6)
443 (v6) ALLOW IN Anywhere (v6)
587 (v6) ALLOW IN Anywhere (v6)
465 (v6) ALLOW IN Anywhere (v6)
143 (v6) ALLOW IN Anywhere (v6)
993 (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)
```
I have made modification...:
```
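import socket

def get_ip_address(typ):
    print("Trying to connect....0 notifications.delta.chat, 443")
    # UDP socket: connect() sends no packet, it only selects a route
    sock = socket.socket(typ, socket.SOCK_DGRAM)
    sock.settimeout(0)
    print("Trying to connect....1 notifications.delta.chat, 443")
    sock.connect(("notifications.delta.chat", 443))
    # the local address of the chosen route is this host's IP address
    return sock.getsockname()[0]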
```
I can connect from my Debian:
```
***@***.***:~# curl notifications.delta.chat
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head><title>Permanently Moved</title></head>
<body><h1>Permanently Moved</h1>
<p>This resource has <strong>moved permanently</strong> to
<a href="https://notifications.delta.chat/">https://notifications.delta.chat/</a>.</p>
***@***.***:~#
***@***.***:~#
***@***.***:~# curl https://notifications.delta.chat
Hello, ***@***.***:~#
```
And now the error is:
```
***@***.***:~/chatmail$ scripts/cmdeploy run
[ssh] login to deltachat.jurkiewicz.chat
Checking DNS entries .20240710065842 [CRITICAL] acmetool: fatal: get account URL: HTTP error: 400 Bad Request
(problem (type "urn:ietf:params:acme:error:accountDoesNotExist") (instance "") (id <nil>) (title ""): (detail "No account exists with the provided key"))
...Traceback (most recent call last):
File "/home/adasiek/chatmail/venv/bin/cmdeploy", line 8, in <module>
sys.exit(main())
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/cmdeploy.py", line 299, in main
res = args.func(args, out, **kwargs)
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/cmdeploy.py", line 56, in run_cmd
retcode, remote_data = show_dns(args, out)
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/dns.py", line 21, in show_dns
remote_data = sshexec(remote_funcs.perform_initial_checks, mail_domain=mail_domain)
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/sshexec.py", line 16, in __call__
code, data = self._remote_cmdloop_channel.receive(timeout=self.timeout)
File "/home/adasiek/chatmail/venv/lib/python3.10/site-packages/execnet/gateway_base.py", line 934, in receive
raise self._getremoteerror() or EOFError()
execnet.gateway_base.RemoteError: Traceback (most recent call last):
File "<string>", line 1291, in executetask
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/remote_funcs.py", line 106, in <module>
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/remote_funcs.py", line 42, in perform_initial_checks
File "/home/adasiek/chatmail/cmdeploy/src/cmdeploy/remote_funcs.py", line 61, in get_ip_address
OSError: [Errno 101] Network is unreachable
```
The strange behavior is - I cannot see any of my **print** from code.... what next?
|
this should not be a problem. To be sure, you can delete your let's encrypt state with |
OK, the output is:
I check openssl on chat server - ERROR:
I don't have |
Yes, |
@missytake - but it failed:
|
okay, it's a problem on our side. We will do a fix and get back to you :) |
Write directly on Matrix: https://matrix.to/#/@adam.jurkiewicz:matrix.org I will pull repo and test. |
did a PR to help fix this:
#355
branch-name: hpk/debug317
It would be interesting if you try out this branch with both
cmdeploy run
and
cmdeploy dns -v
thanks!
|
I will try in 2-3 hours
|
@hpk42 ...
|
could you "git pull" all recent changes? |
OK, I removed dir and clone once again....
Then I have made
I don't understand... |
|
i suggest we discuss/feedback further on the PR #355 |
#355 is merged and initial checks should be better now, also no IP-address detection takes place anymore. |
related to #311 (comment).
If a user wants to redeploy their chatmail instance they currently only get a long ACMEtool error. I think it'd be better if we instead warn them, when checking DNS, that they have to make a change to their CAA record.
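
As an added example (not part of this thread or of the chatmail code), here is a sketch of the pre-flight check this issue asks for. It assumes the CAA record pins an ACME account through the RFC 8657 `accounturi` parameter, and that the caller has already fetched the CAA records and read the server's own account URL; `parse_caa`, `check_caa` and the sample values are hypothetical.

```python
import re

CAA_RE = re.compile(r'\s*(\d+)\s+([A-Za-z0-9]+)\s+"([^"]*)"\s*')


def parse_caa(record):
    """Parse '<flags> <tag> "<value>"' into (flags, tag, issuer, params)."""
    m = CAA_RE.fullmatch(record)
    if not m:
        raise ValueError(f"not a CAA record: {record!r}")
    issuer, *rest = [part.strip() for part in m.group(3).split(";")]
    params = {}
    for part in rest:
        if "=" in part:
            name, value = part.split("=", 1)
            params[name.strip().lower()] = value.strip()
    return int(m.group(1)), m.group(2).lower(), issuer.lower(), params


def check_caa(records, ca_domain, local_account_uri):
    """Return warnings for the operator; an empty list means CAA permits issuance."""
    issue = [r for r in map(parse_caa, records) if r[1] == "issue"]
    if not issue:
        return []  # no "issue" property: CAA places no restriction
    ours = [r for r in issue if r[2] == ca_domain]
    if not ours:
        return [f"CAA does not authorize {ca_domain} to issue for this domain"]
    pins = [r[3].get("accounturi") for r in ours]
    if None in pins or local_account_uri in pins:
        return []  # an unpinned record, or a pin that matches this server's account
    return [
        f"CAA pins {ca_domain} to account(s) {', '.join(pins)}, but this server "
        f"uses {local_account_uri or 'no registered account'}: update the "
        "accounturi in the CAA record before deploying"
    ]


# Constructed sample data, not taken from the thread.
SAMPLE_CAA = ['0 issue "letsencrypt.org; accounturi=https://acme.example/acct/111"']

if __name__ == "__main__":
    for uri in ("https://acme.example/acct/111", "https://acme.example/acct/222", None):
        print(uri, "->", check_caa(SAMPLE_CAA, "letsencrypt.org", uri) or "ok")
```

A real check also has to look up CAA on parent domains when the name itself has none, which this sketch leaves to the caller.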