Hello everyone,
I am trying to use the Lets Encrypt module from the App Center on a brand new UCS server but there is a problem, when the Lets Encrypt module tries to fetch a cetificiate it prefixes the domain with a random quotation mark (") even though I didn’t put in in the form. This stray quotation mark causes a Domain name contains an invalid character error inside the Lets Encrypt logs (I have replaced my real domain with a example domain).
/var/log/univention/letsencrypt.log shows:
Thu 12 Sep 16:46:07 BST 2024
Refreshing certificate for following domains:
portal.example.uk,mail.example.uk
Parsing account key...
Parsing CSR...
Found domains: "portal.example.uk
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Traceback (most recent call last):
File "/usr/share/univention-letsencrypt/acme_tiny.py", line 198, in <module>
main(sys.argv[1:])
File "/usr/share/univention-letsencrypt/acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "/usr/share/univention-letsencrypt/acme_tiny.py", line 121, in get_crt
order, _, order_headers = _send_signed_request(directory['newOrder'], order_payload, "Error creating new order")
File "/usr/share/univention-letsencrypt/acme_tiny.py", line 60, in _send_signed_request
return _do_request(url, data=data.encode('utf8'), err_msg=err_msg, depth=depth)
File "/usr/share/univention-letsencrypt/acme_tiny.py", line 46, in _do_request
raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error creating new order:
Url: https://acme-v02.api.letsencrypt.org/acme/new-order
Data: {"protected": "REDACTED", "payload": "REDACTED", "signature": "REDACTED"}
Response Code: 400
Response: {u'status': 400, u'type': u'urn:ietf:params:acme:error:rejectedIdentifier', u'detail': u'Invalid identifiers requested :: Cannot issue for "\\"portal.example.uk": Domain name contains an invalid character'}
Setting letsencrypt/status
Module: ox-config
Setting letsencrypt/services/apache2
File: /etc/apache2/sites-available/univention-letsencrypt.conf
Module: ox-config
Unsetting mail/dovecot/ssl/key
Unsetting mail/dovecot/ssl/certificate
Unsetting mail/dovecot/ssl/cafile
File: /etc/postfix/ldap.ox-sharedfolder_mailbox
File: /etc/postfix/ldap.ox-sharedfolder
File: /etc/dovecot/conf.d/10-ssl.conf
Module: ox-config
Unsetting mail/postfix/ssl/key
Unsetting mail/postfix/ssl/certificate
Unsetting mail/postfix/ssl/cafile
Module: ox-config
Multifile: /etc/postfix/main.cf
Based on the logs I belive the problem may result from a bug in the Lets Encrypt module itself rather then my configuration. Futher proof is shown in the image:
^ As you can see I have not manualy entered in the quotation mark myself.
I’m curentlly using USC 5.0-8 errata1125 and the latest Lets Encrypt module I can install.
Do anyone have an answer to why this this is happening or how it can be fixed?