Comments (18)
That makes sense, because I put in a placeholder account. I fixed the issue; I'll post separately what it was so it can be pinned/marked as the solution.
from lego.
Hi all,
This is the solution. It is crazy and far-fetched, but with the awesome help of @ldez it was found and fixed!
On a non-functional server:
root@vps01:/opt/deployment/webserver# file -i traefik/transip.apikey
traefik/transip.apikey: text/plain; charset=utf-8
On a functional server:
root@lb-01:/opt/traefik$ file -i transip.apikey
transip.apikey: text/plain; charset=us-ascii
The encoding was off, and me being a total dumb*ss, I copied the file contents to ldez instead of the exact file, which I could not retrieve natively.
Apparently the error "acme: error presenting token: transip: could not get token from authenticator: could not decode private key" also shows when the file encoding is not correct.
Since the file was created by an automation system, I will try to find out why this happened in the first place, but for future people who experience this issue, either try to convert your file to ASCII with the command:
iconv -f UTF-8 -t ASCII transip.apikey -o transip.apikey
or just write a new file with the same contents.
Once again, thanks @ldez for helping out, I would never have found this myself!
from lego.
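The failure described in the comment above can be reproduced with Go's standard encoding/pem package. This is an added example, not code from the thread, lego or gotransip; the function names DecodeKeyPEM and SampleKeyFile are hypothetical and the key is a throwaway generated in memory.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// utf8BOM is the byte sequence that the Traefik log line shows as "\ufeff".
var utf8BOM = []byte{0xEF, 0xBB, 0xBF}

// DecodeKeyPEM (hypothetical helper) parses a PKCS#8 PEM private key. With
// stripBOM set it removes a leading UTF-8 byte order mark first; hadBOM
// reports whether one was present.
func DecodeKeyPEM(data []byte, stripBOM bool) (key any, hadBOM bool, err error) {
	hadBOM = bytes.HasPrefix(data, utf8BOM)
	if hadBOM && stripBOM {
		data = data[len(utf8BOM):]
	}
	// pem.Decode only accepts "-----BEGIN" at the start of a line, so three
	// stray bytes in front of the first line hide the only block in the file.
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, hadBOM, errors.New("could not decode private key: no PEM block found")
	}
	key, err = x509.ParsePKCS8PrivateKey(block.Bytes)
	return key, hadBOM, err
}

// SampleKeyFile builds constructed test data: a fresh key in PEM form,
// optionally prefixed with a BOM as a UTF-8-with-BOM writer would save it.
func SampleKeyFile(withBOM bool) []byte {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	der, _ := x509.MarshalPKCS8PrivateKey(priv)
	out := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
	if withBOM {
		out = append(append([]byte{}, utf8BOM...), out...)
	}
	return out
}

func main() {
	file := SampleKeyFile(true)
	_, hadBOM, err := DecodeKeyPEM(file, false)
	fmt.Printf("as written:   BOM=%v err=%v\n", hadBOM, err)
	_, _, err = DecodeKeyPEM(file, true)
	fmt.Printf("BOM stripped: err=%v\n", err)
}
```

A key file that looks identical in an editor or in `cat` output can still differ in its first three bytes, which is why pasting the visible contents elsewhere does not reproduce the problem.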
Encoding problems, the hidden problems that can cost you hours 😸
FYI, I deleted all the information you provided from my computer and my mailbox.
Sponsoring is a good way to sustain open source maintainers: sponsor me
from lego.
Hello,
Did you try with previous versions of Traefik?
from lego.
The implementation is using the official API client.
The error:
could not get token from authenticator: could not decode private key
comes from:
- https://github.com/transip/gotransip/blob/9dc7354effdfe25646fd159601bf44d52dc9a697/client.go#L126
- https://github.com/transip/gotransip/blob/9dc7354effdfe25646fd159601bf44d52dc9a697/authenticator/authenticator.go#L92
Your problem seems to be related to your configuration.
I think the file's content defined with TRANSIP_PRIVATE_KEY_PATH has a problem.
from lego.
This was indeed the first thing I suspected, however the key is readable from the Docker container. Unfortunately I am not aware how I could get more logging from inside the process itself.
from lego.
Hello,
Did you try with previous versions of Traefik?
Now I have, same outcome. I am now comparing a working and a non-working setup but cannot find differences in the above referenced file.
Since I have multiple installations I even tried using the API key from a working machine, but it results in the same issue (also tested on v2.11 and v2.10 of Traefik).
from lego.
I have tested some more, and by changing the TRANSIP_PRIVATE_KEY_PATH to TRANSIP_PRIVATE_KEY_PATH_FILE I got this output:
time="2024-02-22T15:57:55Z" level=error msg="Unable to obtain ACME certificate for domains \"vps01.*****.net\"" routerName=api@docker error="cannot get ACME client transip: error while opening private key file: open \ufeff-----BEGIN PRIVATE KEY-----\nMIIEvQIBA*************TvPQ=\n-----END PRIVATE KEY-----\n: no such file or directory" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme rule="Host(`vps01.*****.net`) && PathPrefix(`/api`)"
This clearly proves the file can be read, however I am not sure what the "\ufeff" part means before the private key.
For transparency, this is how I mention the variables in my docker-compose.yml file:
environment:
- TRANSIP_ACCOUNT_NAME=*****
- TRANSIP_PRIVATE_KEY_PATH=/transip.apikey
from lego.
I don't think the problem comes from opening the file.
I think it's related to the content, as I said previously.
The error "could not decode private key" is about the content.
There is something invalid with the content of this file.
from lego.
I understand why you would say that, however to test what is going on here, I have deleted the contents of the file multiple times and pasted new (and even currently working) keys in the file in order to test if this would be the issue.
I guess I'm a bit lost here now. Strange, this is the first time this exact config does not work for me.
from lego.
Strange, this is the first time this exact config does not work for me
What was the context when this was working?
What's changed since that?
from lego.
It's a completely new server, but I used the same basic templates for my docker-compose.yml file as before. That's why I'm so surprised it does not have the same outcome.
To double-check, I created a new API key without any IP restrictions on the TransIP side, just to exclude that too.
As shown in the log output above, the file is exactly a private key, with 0600 file permissions; it's just the same over multiple servers here.
from lego.
When it was working, what was the exact Traefik version?
Because the code of the API client hasn't changed for a long time for the parts that lego uses.
from lego.
One of the working servers is running Traefik 2.5.3, so I ran that specific version, issue resides. I'll trash everything and start over completely blank to see if that changes anything.
from lego.
If you can create a temporary file, can you send me one by email?
Like that, I will be able to just test the file.
from lego.
Your private key file works. I ran tests of the API client with it: there is no error and I can sign a request.
So the problem is not here 🤔
It can be on the mounting point or related to system encoding 🤔
from lego.
Thank you so much for excluding those specifics, I'll continue to test here.
from lego.
I could not test more with the information you provided, because:
transip: could not get token from authenticator: error requesting token: Your key signature is invalid or API is not enabled in your account
from lego.