ERROR: unable to load X509 request | Forum | School of Net


by Marcelo

1 year, 10 months ago, Marcelo

ERROR: unable to load X509 request

Good evening. When running the task Begin Let's Encrypt challenges I am getting the following error.

CentOS 7

    TASK [letsEncrypt : Begin Let's Encrypt challenges] ******************************************************************************************************
    task path: /etc/ansible/roles/letsEncrypt/tasks/main.yml:25
    <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
    <127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
    <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1610059604.49-19530323932566 `" && echo ansible-tmp-1610059604.49-19530323932566="` echo /root/.ansible/tmp/ansible-tmp-1610059604.49-19530323932566 `" ) && sleep 0'
    Using module file /usr/lib/python2.7/site-packages/ansible/modules/crypto/acme/acme_certificate.py
    <127.0.0.1> PUT /root/.ansible/tmp/ansible-local-20805fL4RRu/tmp8QM2Ch TO /root/.ansible/tmp/ansible-tmp-1610059604.49-19530323932566/AnsiballZ_acme_certificate.py
    <127.0.0.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1610059604.49-19530323932566/ /root/.ansible/tmp/ansible-tmp-1610059604.49-19530323932566/AnsiballZ_acme_certificate.py && sleep 0'
    <127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-tmp-1610059604.49-19530323932566/AnsiballZ_acme_certificate.py && sleep 0'
    <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1610059604.49-19530323932566/ > /dev/null 2>&1 && sleep 0'
    fatal: [ansible_server]: FAILED! => {
        "changed": false,
        "cmd": "/usr/bin/openssl req -in /etc/letsencrypt/csrs/homologa.estrelas.tv.csr -noout -text",
        "invocation": {
            "module_args": {
                "account_email": "[email protected]",
                "account_key_content": null,
                "account_key_src": "/etc/letsencrypt/account/account.key",
                "account_uri": null,
                "acme_directory": "https://acme-v02.api.letsencrypt.org/directory",
                "acme_version": 2,
                "agreement": null,
                "chain_dest": null,
                "challenge": "http-01",
                "csr": "/etc/letsencrypt/csrs/homologa.estrelas.tv.csr",
                "data": null,
                "deactivate_authzs": false,
                "dest": "/etc/letsencrypt/certs/homologa.estrelas.tv.crt",
                "force": false,
                "fullchain_dest": "/etc/letsencrypt/certs/fullchain_homologa.estrelas.tv.crt",
                "modify_account": true,
                "remaining_days": 91,
                "retrieve_all_alternates": false,
                "select_crypto_backend": "auto",
                "terms_agreed": true,
                "validate_certs": true
            }
        },
        "msg": "unable to load X509 request\n140144147449744:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: CERTIFICATE REQUEST",
        "rc": 1,
        "stderr": "unable to load X509 request\n140144147449744:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: CERTIFICATE REQUEST\n",
        "stderr_lines": [
            "unable to load X509 request",
            "140144147449744:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: CERTIFICATE REQUEST"
        ],
        "stdout": "",
        "stdout_lines": []
    }

My OPENSSH version:

    OpenSSL 1.0.2k-fips 26 Jan 2017
    built on: reproducible build, date unspecified
    platform: linux-x86_64
    options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
    compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
    OPENSSLDIR: "/etc/pki/tls"
    engines: dynamic

host_vars/ansible_server

    acme_challenge_type: http-01
    acme_directory: https://acme-v02.api.letsencrypt.org/directory
    acme_version: 2
    acme_email: [email protected]
    letsencrypt_dir: /etc/letsencrypt
    letsencrypt_key_dir: /etc/letsencrypt/keys
    letsencrypt_csrs_dir: /etc/letsencrypt/csrs
    letsencrypt_certs_dir: /etc/letsencrypt/certs
    letsencrypt_account_key: /etc/letsencrypt/account/account.key
    domain_name: homologa.estrelas.tv

roles/letsEncrypt/tasks/main.yml

    - name: "Create required directories in /etc/letsencrypt"
      file:
        path: "/etc/letsencrypt/{{ item }}"
        state: directory
        owner: root
        group: root
        mode: u=rwx,g=x,o=x
      with_items:
        - account
        - certs
        - csrs
        - keys

    - name: "Generate a Let's Encrypt account key"
      shell: "if [ ! -f {{ letsencrypt_account_key }} ]; then openssl genrsa 4096 | sudo tee {{ letsencrypt_account_key }}; fi"

    - name: "Generate Let's Encrypt private key"
      shell: "openssl genrsa 4096 | sudo tee /etc/letsencrypt/keys/{{ domain_name }}.key"

    - name: "Generate Let's Encrypt CSR"
      shell: "openssl req -new -sha256 -key /etc/letsencrypt/keys/{{ domain_name }}.key -subj \"/CN={{ domain_name }}\" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf \"\n[SAN]\nsubjectAltName=DNS:{{ domain_name }},DNS:www.{{ domain_name }}\")) | sudo tee /etc/letsencrypt/csrs/{{ domain_name }}.csr"
      args:
        executable: /bin/bash

    - name: "Begin Let's Encrypt challenges"
      acme_certificate:
        acme_directory: "{{ acme_directory }}"
        acme_version: "{{ acme_version }}"
        account_key_src: "{{ letsencrypt_account_key }}"
        account_email: "{{ acme_email }}"
        terms_agreed: 1
        challenge: "{{ acme_challenge_type }}"
        csr: "{{ letsencrypt_csrs_dir }}/{{ domain_name }}.csr"
        dest: "{{ letsencrypt_certs_dir }}/{{ domain_name }}.crt"
        fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ domain_name }}.crt"
        remaining_days: 91
      register: acme_challenge_your_domain

    - name: "Create .well-known/acme-challenge directory"
      file:
        path: /var/www/html/.well-known/acme-challenge
        state: directory
        owner: root
        group: root
        mode: u=rwx,g=rx,o=rx

    - name: "Implement http-01 challenge files"
      copy:
        content: "{{ acme_challenge_your_domain['challenge_data'][item]['http-01']['resource_value'] }}"
        dest: "/var/www/html/{{ acme_challenge_your_domain['challenge_data'][item]['http-01']['resource'] }}"
        owner: root
        group: root
        mode: u=rw,g=r,o=r
      with_items:
        - "{{ domain_name }}"
        - "www.{{ domain_name }}"

    - name: "Complete Let's Encrypt challenges"
      letsencrypt:
        acme_directory: "{{ acme_directory }}"
        acme_version: "{{ acme_version }}"
        account_key_src: "{{ letsencrypt_account_key }}"
        account_email: "{{ acme_email }}"
        challenge: "{{ acme_challenge_type }}"
        csr: "{{ letsencrypt_csrs_dir }}/{{ domain_name }}.csr"
        dest: "{{ letsencrypt_certs_dir }}/{{ domain_name }}.crt"
        chain_dest: "{{ letsencrypt_certs_dir }}/chain_{{ domain_name }}.crt"
        fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ domain_name }}"
        data: "{{ acme_challenge_your_domain }}"

Thank you for your attention.
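The `no start line ... Expecting: CERTIFICATE REQUEST` message in the post means the file passed as `csr` has no PEM `CERTIFICATE REQUEST` header. As an added example (not part of the original post; the helper names and sample data are constructed), the script below shows how a `producer | tee FILE` step like the one in the CSR task can report success while leaving an empty file, next to a write-then-verify alternative:

```bash
#!/bin/sh
# Added example; helper names and sample data are constructed for illustration.

# Classify a file by the PEM framing the error message says is missing.
csr_pem_status() {
    if [ ! -s "$1" ]; then
        echo "empty"
    elif grep -q '^-----BEGIN \(NEW \)\{0,1\}CERTIFICATE REQUEST-----$' "$1" &&
         grep -q '^-----END \(NEW \)\{0,1\}CERTIFICATE REQUEST-----$' "$1"; then
        echo "pem-framed"
    else
        echo "no-start-line"
    fi
}

# "producer | tee FILE" exits with tee's status: a failed producer is
# reported as rc 0 and FILE is left empty.
masked_rc() {
    out=$1; shift
    "$@" 2>/dev/null | tee "$out" >/dev/null
    echo $?
}

# Safer shape: keep the producer's own exit status, check the framing,
# and only then install the file at its final path.
write_csr_checked() {
    out=$1; shift
    tmp=$(mktemp) || return 1
    if "$@" >"$tmp" 2>/dev/null && [ "$(csr_pem_status "$tmp")" = "pem-framed" ]; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed stand-in for a working "openssl req -new ..." (framing only).
fake_csr() {
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' \
        'constructed-placeholder-body' '-----END CERTIFICATE REQUEST-----'
}

demo=$(mktemp -d)
echo "masked rc: $(masked_rc "$demo/a.csr" false), file: $(csr_pem_status "$demo/a.csr")"
write_csr_checked "$demo/b.csr" false || echo "checked write refused a failed producer"
write_csr_checked "$demo/c.csr" fake_csr && echo "c.csr: $(csr_pem_status "$demo/c.csr")"
```

The posted output reports `OPENSSLDIR: "/etc/pki/tls"` while the CSR task reads `/etc/ssl/openssl.cnf`, so confirming that this path exists on the host is a reasonable first check.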

2 Replies