Open
Description
lets-encrypt-update, the script responsible for issuing certs for all vhosts (apphosting and normal vhosts), chokes on any internal vhosts for a subdomain of ocf.io or ocf.berkeley.edu since acme-tiny is expecting an http-01 challenge, but it is not offered.
Subdomains under root domains are already handled by the Puppet LE infrastructure (which uses dns-01 challenges), but currently build-vhosts uses the certificates obtained from lets-encrypt-update (last updated Jan 09).
> Traceback (most recent call last):
> File "/usr/bin/acme-tiny", line 33, in <module>
> sys.exit(load_entry_point('acme-tiny==4.1.0', 'console_scripts', 'acme-tiny')())
> File "/usr/lib/python3/dist-packages/acme_tiny.py", line 194, in main
> signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
> File "/usr/lib/python3/dist-packages/acme_tiny.py", line 131, in get_crt
> challenge = [c for c in authorization['challenges'] if c['type'] == "http-01"][0]
> IndexError: list index out of range
>
Activity