R
@piba
Ok... this is what Ive done so far:
Navigate to: https://eu.api.ovh.com/createApp/
1.1 Get AK, AS
Log into FW, create account key
Get the consumer key by requesting an authentication token from OVH: launch curl request:
curl -XPOST -H"X-Ovh-Application: APPLICATION_KEY -H "Content-type: application/json" https://eu.api.ovh.com/1.0/auth/credential -d '{"accessRules":[{"method": "GET","path": "/"}],"redirection":"https://www.YYYY.com/"}'
curl -XPOST -H"X-Ovh-Application: XXXX" -H "Content-type: application/json" https://eu.api.ovh.com/1.0/auth/credential -d '{"accessRules":[{"method": "GET","path": "/"}],"redirection":"https://www.YYYY.com/"}'
Get the return value from curl, and then, validate the returned url:
{"validationUrl":"https://eu.api.ovh.com/auth/?credentialToken=ZZZZZZ","consumerKey":"AAAAAA","state":"pendingValidation"}
Once validated, enter values in ACME, and create cert request.
That last step seems to be working correctly, as when I validate (click on) the url sent in the curl response, leads me to the OVH page, and asks me to log in, and then redirects me to the site.
The API stuff seems to generate things as needed, but in the end, I get an "invalid domain" error message when requesting the cert via ACME. A few follow up details:
Im trying to create a wildcard cert. the entry in put in the ACME form, was i the format of *.YYYY.COM
This is the end output of the attempt:
[Mon Sep 24 16:51:52 EDT 2018] Registering account
[Mon Sep 24 16:51:53 EDT 2018] Already registered
[Mon Sep 24 16:51:53 EDT 2018] ACCOUNT_THUMBPRINT='XXXXXX'
[Mon Sep 24 16:51:53 EDT 2018] Single domain='.YYYY.com'
[Mon Sep 24 16:51:53 EDT 2018] Getting domain auth token for each domain
[Mon Sep 24 16:51:55 EDT 2018] Getting webroot for domain='.YYYY.com'
[Mon Sep 24 16:51:55 EDT 2018] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_ovh.sh
[Mon Sep 24 16:51:55 EDT 2018] Using OVH endpoint: ovh-eu
[Mon Sep 24 16:51:55 EDT 2018] Checking authentication
[Mon Sep 24 16:51:56 EDT 2018] Consumer key is ok.
[Mon Sep 24 16:51:59 EDT 2018] invalid domain
[Mon Sep 24 16:51:59 EDT 2018] Error add txt for domain:_acme-challenge.YYYY.com
[Mon Sep 24 16:51:59 EDT 2018] Please check log file for more details: /tmp/acme/YYYY-Testing/acme_issuecert.log.
Finally, do I, or dont I need a firewall rule to open up the access? The guide seemed to indicate that I needed to open port 80...
