{"id":4338,"date":"2022-09-14T12:00:12","date_gmt":"2022-09-14T10:00:12","guid":{"rendered":"https:\/\/esferas.org\/msqlu\/?p=4338"},"modified":"2022-09-14T12:00:14","modified_gmt":"2022-09-14T10:00:14","slug":"uacme-con-gandi-net","status":"publish","type":"post","link":"https:\/\/esferas.org\/msqlu\/2022\/09\/14\/uacme-con-gandi-net\/","title":{"rendered":"uacme with gandi.net"},"content":{"rendered":"<p>Running away a little (or a lot) from the complexity of the <em>certbot<\/em> program for certificate renewal, I decided to try <a href=\"https:\/\/github.com\/ndilieto\/uacme\" target=\"_blank\" rel=\"noreferrer noopener\">uacme<\/a>, which allows DNS validation for gandi.net. 
<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>Since it is not packaged, the usual procedure with a <em>git<\/em> repository is followed, and then the software is installed along with the file containing the API key for <a href=\"http:\/\/gandi.net\">gandi.net<\/a>, which is where I host the domain's DNS.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ git clone https:\/\/github.com\/tdy91\/uacme-gandi-hook.git\n$ cd uacme-gandi-hook\/\n$ sudo install -m 0555 gandi_api_functions.inc gandi_nsupdate.sh \/usr\/share\/uacme\/\n# Create the key file as root with mode 0600 before the secret is written into it\n$ sudo install -m 0600 \/dev\/null \/root\/gandi_api_key\n# Write through tee: a plain &gt; redirection would be opened by the unprivileged shell\n$ sudo tee \/root\/gandi_api_key &gt; \/dev\/null &lt;&lt;EOF\nXXXXXXXXXXXXXXX\nEOF\n<\/code><\/pre>\n\n\n\n<p>By default the file with the gandi API key is installed in the superuser's home directory, although this can be changed with the <code>GANDI_API_KEY_FILE<\/code> environment variable.<\/p>\n\n\n\n<p>Once installed, getting started with it is simple:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ sudo install -d \/etc\/uacme\/\n$ sudo uacme -c \/etc\/uacme\/ new webmaster@dominio\n$ tree \/etc\/uacme\/\n\/etc\/uacme\/\n\u2500\u2500 private\n   \u2514\u2500\u2500 key.pem\n<\/code><\/pre>\n\n\n\n<p>With that, the ACME account associated with that email address is created, and now we are going to install the plugin to use the DNS mechanism for the certificates.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\"> uacme -v -c \/etc\/uacme\/ -h \/usr\/share\/uacme\/gandi_nsupdate.sh issue susanamerino.com \\*.susanamerino.com \nuacme: version 1.7.1 starting on Wed, 14 Sep 2022 11:31:01 +0200\nuacme: loading key from \/etc\/uacme\/\/private\/key.pem\nuacme: loading key from \/etc\/uacme\/\/private\/susanamerino.com\/key.pem\nuacme: checking existence and expiration of \/etc\/uacme\/\/susanamerino.com\/cert.pem\nuacme: \/etc\/uacme\/\/susanamerino.com\/cert.pem does not exist\nuacme: generating 
certificate request\nuacme: fetching directory at https:\/\/acme-v02.api.letsencrypt.org\/directory\nuacme: retrieving account at https:\/\/acme-v02.api.letsencrypt.org\/acme\/new-acct\nuacme: account location: https:\/\/acme-v02.api.letsencrypt.org\/acme\/acct\/731113527\nuacme: creating new order at https:\/\/acme-v02.api.letsencrypt.org\/acme\/new-order\nuacme: order location: https:\/\/acme-v02.api.letsencrypt.org\/acme\/order\/731113527\/125377996077\nuacme: retrieving authorization at https:\/\/acme-v02.api.letsencrypt.org\/acme\/authz-v3\/153227855347\nuacme: running \/usr\/share\/uacme\/gandi_nsupdate.sh begin dns-01 susanamerino.com 7Y6us_HJ0jX6SSGWOl9thJn11XLJ00YDENWpfK-57J8 C_LhKw2qhJoCZUu24iejkuS9Vmn3RYtbyhz7fQ5BnMs\n\/usr\/share\/uacme\/gandi_nsupdate.sh: 39: source: not found\n\/usr\/share\/uacme\/gandi_nsupdate.sh: 106: acme_ns_put: not found\nuacme: challenge dns-01 declined\nuacme: no challenge completed\nuacme: failed to authorize order at https:\/\/acme-v02.api.letsencrypt.org\/acme\/order\/731113527\/125377996077\nroot@esferas:~# \n<\/code><\/pre>\n\n\n\n<p>And as can be seen, I have made some mistake, because the <code>gandi_nsupdate.sh<\/code> script does not find its associated functions and dies miserably. Having reviewed the code, and even called the script directly (with execution tracing), the error does not appear. It only happens when it is integrated into the <code>uacme<\/code> workflow.<\/p>\n\n\n\n<p>I don't quite like the setup, and I must be too tired to pin down the error. And yes, <code>certbot<\/code> is what it is, but for now it works. I'll stick with it. Ugh, what a drag. 
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Running away a little (or a lot) from the complexity of the certbot program for certificate renewal, I decided to try uacme, which allows DNS validation for gandi.net.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","webmentions_disabled_pings":false,"webmentions_disabled":false,"footnotes":""},"categories":[14],"tags":[18,1046,693,554,1168],"class_list":["post-4338","post","type-post","status-publish","format-standard","hentry","category-internet","tag-administracion-de-sistemas","tag-certificados-digitales","tag-gandi-net","tag-lets-encrypt","tag-uacme"],"_links":{"self":[{"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/posts\/4338","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/comments?post=4338"}],"version-history":[{"count":1,"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/posts\/4338\/revisions"}],"predecessor-version":[{"id":4339,"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/posts\/4338\/revisions\/4339"}],"wp:attachment":[{"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/media?parent=4338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/categories?post=4338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/tags?post=4338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}