Error when using Let's Encrypt in Automatic configuration


#1

Hello,
I need help on Automatic HTTPS Configuration. It returned with “error! internal server error, unexpected” after I clicked agree with Let’s Encrypt terms.
I am stuck with it now; can you show me how I should troubleshoot?
Thank you.


#2

Hi Tiam,

Could you tell us which version of GlobaLeaks you are using and which hostname you are trying to configure, so we can try to reproduce and fix the problem?

Fabio


#3

Hi Fabio,
Globaleaks version 3.2.5, Hostname : bravetotell.com also tried 162.255.84.137 (ip of bravetotell.com) but same results.
Right now Hostname is bravetotell.com
Thank you.
Tiam


#4

Hello Fabio,
Upgraded to Globaleaks 3.3.1 today but with the same error.
My cloud server provider offers a free GeoTrust QuickSSL Wildcard (SSL Starter Plus) certificate, should I try to use that?
Or should I use your Network>Manual configuration and try to get the certificate?
Thanks
Tiam


#5

Same problem here (version 3.3.1 - address: wb.verlata.it).
Error log follows:

2018-08-09 08:01:53+0200 [-] [E] Unhandled exception raised:
2018-08-09 08:01:53+0200 [-] [E] AttributeError Attribute not found.\n\nTraceback (most recent call last):\n\n File "/usr/lib/python3/dist-packages/twisted/internet/defer.py", line 1384, in _inlineCallbacks\n result = result.throwExceptionIntoGenerator(g)\n\n File "/usr/lib/python3/dist-packages/twisted/python/failure.py", line 408, in throwExceptionIntoGenerator\n return g.throw(self.type, self.value, self.tb)\n\n File "/usr/lib/python3/dist-packages/globaleaks/handlers/admin/https.py", line 557, in put\n yield acme_cert_issuance(self.request.tid)\n\n File "/usr/lib/python3/dist-packages/twisted/python/threadpool.py", line 250, in inContext\n result = inContext.theWork()\n\n File "/usr/lib/python3/dist-packages/twisted/python/threadpool.py", line 266, in <lambda>\n inContext.theWork = lambda: context.call(ctx, func, *args, **kw)\n\n File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 122, in callWithContext\n return self.currentContext().callWithContext(ctx, func, *args, **kw)\n\n File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 85, in callWithContext\n return func(*args,**kw)\n\n File "/usr/lib/python3/dist-packages/globaleaks/orm.py", line 109, in _wrap\n result = function(session, *args, **kwargs)\n\n File "/usr/lib/python3/dist-packages/globaleaks/handlers/admin/https.py", line 537, in acme_cert_issuance\n return db_acme_cert_issuance(session, tid)\n\n File "/usr/lib/python3/dist-packages/globaleaks/handlers/admin/https.py", line 513, in db_acme_cert_issuance\n accnt_key = serialization.load_pem_private_key(raw_accnt_key.encode(),\n\nAttributeError: 'bytes' object has no attribute 'encode'\n

TIA,

Giuseppe


#6

@verlata: I think your issue should be something different, and was fixed in 3.3.1: https://github.com/globaleaks/GlobaLeaks/issues/2388

The code included in your stacktrace is from a lower version; would you please check the current version, try to update and let us know if the issue is fixed?


#7

Sorry for late reply.
I’ve been trying to upgrade since this morning, but deb.globaleaks.org refuses connections.

I’ll report back as soon as I’m able to upgrade.

Thanks for your reply,

giuseppe


#8

Dear @verlata,

We just restarted the repository that was under maintenance.

Please let us know if the update solved your issues.

best,

Giovanni Pellerano


#9

Dear Giovanni,
I upgraded to 3.3.3:

globaleaks --version

GlobaLeaks version: 3.3.3
Database version: 43

Still “internal server error”:

2018-08-15 09:55:38+0200 [-] [I] Generating the HTTPS key with 2048 bits
2018-08-15 09:55:38+0200 [-] [-] [1] 202 PUT /admin/config/tls/files/priv_key 0B 110ms
2018-08-15 09:55:38+0200 [-] [I] Generating an ACME account key with 2048 bits
2018-08-15 09:55:39+0200 [-] [-] [1] 201 POST /admin/config/acme/run 88B 766ms
2018-08-15 09:55:44+0200 [-] [E] Unhandled exception raised:
2018-08-15 09:55:44+0200 [-] [E] ValueError Inappropriate argument value (of correct type).\n\nTraceback (most recent call last):\n\n File "/usr/lib/python3/dist-packages/twisted/internet/defer.py", line 1384, in _inlineCallbacks\n result = result.throwExceptionIntoGenerator(g)\n\n File "/usr/lib/python3/dist-packages/twisted/python/failure.py", line 408, in throwExceptionIntoGenerator\n return g.throw(self.type, self.value, self.tb)\n\n File "/usr/lib/python3/dist-packages/globaleaks/handlers/admin/https.py", line 559, in put\n yield acme_cert_issuance(self.request.tid)\n\n File "/usr/lib/python3/dist-packages/twisted/python/threadpool.py", line 250, in inContext\n result = inContext.theWork()\n\n File "/usr/lib/python3/dist-packages/twisted/python/threadpool.py", line 266, in <lambda>\n inContext.theWork = lambda: context.call(ctx, func, *args, **kw)\n\n File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 122, in callWithContext\n return self.currentContext().callWithContext(ctx, func, *args, **kw)\n\n File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 85, in callWithContext\n return func(*args,**kw)\n\n File "/usr/lib/python3/dist-packages/globaleaks/orm.py", line 109, in _wrap\n result = function(session, *args, **kwargs)\n\n File "/usr/lib/python3/dist-packages/globaleaks/handlers/admin/https.py", line 539, in acme_cert_issuance\n return db_acme_cert_issuance(session, tid)\n\n File "/usr/lib/python3/dist-packages/globaleaks/handlers/admin/https.py", line 517, in db_acme_cert_issuance\n backend=default_backend())\n\n File "/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/serialization.py", line 20, in load_pem_private_key\n return backend.load_pem_private_key(data, password)\n\n File "/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 1015, in load_pem_private_key\n password,\n\n File "/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 1234, 
in _load_key\n self._handle_key_loading_error()\n\n File "/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 1292, in _handle_key_loading_error\n raise ValueError("Could not deserialize key data.")\n\nValueError: Could not deserialize key data.\n
2018-08-15 09:55:44+0200 [-] [-] [1] 500 PUT /admin/config/acme/run 99B 209ms

If useful, I can fully reinstall.
Thanks,

Giuseppe
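
The log lines quoted in this thread pack a whole traceback into one line with literal `\n` escapes, which makes them hard to read during triage. The following is an added example, not part of the original posts and not GlobaLeaks code: it unpacks such a line, reports the exception, the innermost frame inside the application package, and the HTTP 5xx request logged right after it. The sample input is constructed in the shape of the lines above (traceback shortened), and the function name `triage` and the regexes are assumptions of this example.

```python
import re

# Constructed sample in the shape of the log lines quoted in this thread
# (traceback shortened). '\\n' is the two-character escape found in the log.
SAMPLE = (
    '2018-08-15 09:55:44+0200 [-] [E] Unhandled exception raised:\n'
    '2018-08-15 09:55:44+0200 [-] [E] ValueError Inappropriate argument value '
    '(of correct type).\\n\\nTraceback (most recent call last):\\n\\n'
    ' File "/usr/lib/python3/dist-packages/globaleaks/handlers/admin/https.py", '
    'line 517, in db_acme_cert_issuance\\n backend=default_backend())\\n\\n'
    ' File "/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/'
    'backend.py", line 1292, in _handle_key_loading_error\\n'
    ' raise ValueError("Could not deserialize key data.")\\n\\n'
    'ValueError: Could not deserialize key data.\\n\n'
    '2018-08-15 09:55:44+0200 [-] [-] [1] 500 PUT /admin/config/acme/run 99B 209ms\n'
)

LINE = re.compile(r'^(\S+ \S+) \[-\] \[([A-Z-])\] (.*)$')    # timestamp, level, body
FRAME = re.compile(r'File "([^"]+)", line (\d+), in (\S+)')  # one traceback frame
FINAL = re.compile(r'^(\w+(?:\.\w+)*): (.*)$')               # "ExcType: message"
ACCESS = re.compile(r'^\[\d+\] (\d{3}) (\S+) (\S+)')         # status, method, path


def triage(log_text, package='/globaleaks/'):
    """Return one finding per logged traceback, tied to the failing request."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, level, body = m.groups()
        if level == 'E' and 'Traceback (most recent call last)' in body:
            text = body.replace('\\n', '\n')  # unpack the escaped traceback
            frames = [(p, int(n), f) for p, n, f in FRAME.findall(text)]
            last = [l for l in text.splitlines() if l.strip()][-1]
            exc = FINAL.match(last)
            own = [f for f in frames if package in f[0]]  # frames in app code
            findings.append({
                'ts': ts, 'request': None,
                'exception': exc.group(1) if exc else None,
                'message': exc.group(2) if exc else last,
                'app_frame': own[-1] if own else None,
                'raised_in': frames[-1] if frames else None})
        elif level == '-' and findings and findings[-1]['request'] is None:
            req = ACCESS.match(body)  # first 5xx access line after the traceback
            if req and req.group(1).startswith('5'):
                findings[-1]['request'] = req.group(2) + ' ' + req.group(3)
    return findings
```
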


#10

Thank you @verlata,

We identified the issue and it should be fixed by the upcoming 3.3.4 that will be released this morning.

Reinstall should not be necessary and eventually you will need just to reset the current configuration and perform a new one.

best,

Giovanni Pellerano


#11

Dear Giovanni,

installing 3.3.4 was not possible due to unmet dependencies:

apt install globaleaks
Reading package lists… Done
Building dependency tree
Reading state information… Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
globaleaks : Depends: python3-acme (>= 0.26.0) but 0.22.2-1ubuntu0.1 is to be installed
E: Unable to correct problems, you have held broken packages.

cat /etc/issue
Ubuntu 18.04.1 LTS

Am I supposed to force python3-acme upgrade?

Thanks,

Giuseppe


#12

thanks @verlata for the feedback,

actually the package python3-acme is on our repository.

could you try the following:
apt-get update && apt-get install globaleaks

only if this does not work try:
apt-get update && apt-get install python3-acme
apt-get install globaleaks

Please let us know if one of these solves your issues.


#13

Again problems with the repo:

apt update
[…]
W: Failed to fetch http://deb.globaleaks.org/bionic/InRelease Could not connect to deb.globaleaks.org:80 (194.150.168.85). - connect (111: Connection refused)


#14

We are running maintenance on the server. It will be up in 20 min.

I’m sorry for the inconvenience, thanks for your patience.


#15

@verlata: the server is now up and running; when you can, you can proceed with retesting and your issue should be fixed.


#16

It’s working now. It wasn’t even necessary to reset configuration.

Thank you very much for your job!

Giuseppe


#17

Thank you @verlata!

Please let us know your feedback after having tried globaleaks! :)

all the best,

Giovanni Pellerano


#18

Thank you so much Giovanni !! Version 3.3.5 fixed mine too.
Great job guy and your hardworking team.
Blessings,
Tiam


#19

Just out of curiosity: where are letsencrypt certs stored in the fs? I did a search after pem files without finding anything relevant…


#20

It is stored on the database @verlata