Stack trace on unexpected HTTP response #274

Open
sdgathman opened this issue Nov 10, 2021 · 2 comments

sdgathman commented Nov 10, 2021

When fetching the .well-known URL as a test before contacting LE, this stack trace results:

python3[1084511]: detected unhandled Python exception in '/usr/sbin/acme_tiny'
acme-tiny[1084511]: Traceback (most recent call last):
acme-tiny[1084511]:   File "/usr/sbin/acme_tiny", line 199, in <module>
acme-tiny[1084511]:     main(sys.argv[1:])
acme-tiny[1084511]:   File "/usr/sbin/acme_tiny", line 195, in main
acme-tiny[1084511]:     signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact, check_port=args.check_port)
acme-tiny[1084511]:   File "/usr/sbin/acme_tiny", line 145, in get_crt
acme-tiny[1084511]:     assert (disable_check or _do_request(wellknown_url)[0] == keyauthorization)
acme-tiny[1084511]:   File "/usr/sbin/acme_tiny", line 43, in _do_request
acme-tiny[1084511]:     if depth < 100 and code == 400 and resp_data['type'] == "urn:ietf:params:acme:error:badNonce":
acme-tiny[1084511]: TypeError: string indices must be integers

Manually fetching the URL gets this error:

400 Bad Request

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Tcpdump confirms this is on port 80.

Clearly, the 400 error is an apache or apache config problem - acme-tiny-5.0.1 works on EL7 and other systems. However, the error handling could be cleaner. :-)
I will try my hand at a patch that doesn't bloat the beautiful acme-tiny code . . .

@sdgathman
Author

So, the problem is that reusing the resp_data reference means that when there is an error parsing the string, it is still a string and not a dict. So running with this patch (purposefully not fixing whatever the apache config error is until the acme-tiny error handling is fixed):

@@ -36,10 +36,11 @@
         except IOError as e:
             resp_data = e.read().decode("utf8") if hasattr(e, "read") else str(e)
             code, headers = getattr(e, "code", None), {}
+        resp_raw = resp_data
         try:
-            resp_data = json.loads(resp_data) # try to parse json results
+            resp_data = json.loads(resp_raw) # try to parse json results
         except ValueError:
-            pass # ignore json parsing errors
+            raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, '"%s"'%resp_raw))
         if depth < 100 and code == 400 and resp_data['type'] == "urn:ietf:params:acme:error:badNonce":
             raise IndexError(resp_data) # allow 100 retrys for bad nonces
         if code not in [200, 201, 204]:
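
Review bot: The new `raise ValueError(...)` in the `except ValueError:` branch fires on every body that is not JSON, before the `if code not in [200, 201, 204]:` check below it runs, so a successful response with an empty or plain-text body now aborts the request. Raise only when `code` is outside that list, or keep the `pass` and make the badNonce test skip non-dict bodies, for example `isinstance(resp_data, dict) and resp_data.get('type') == ...`.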

I discover that code is 204 and resp_raw is empty from LE:

acme-tiny[1101418]:   File "/usr/sbin/acme_tiny", line 43, in _do_request
acme-tiny[1101418]:     raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, '"%s"'%resp_raw))
acme-tiny[1101418]: ValueError: Error:
acme-tiny[1101418]: Url: https://acme-v02.api.letsencrypt.org/acme/new-nonce
acme-tiny[1101418]: Data: None
acme-tiny[1101418]: Response Code: 204
acme-tiny[1101418]: Response: ""

@sdgathman
Author

Ok, this patch is a minimal code change and makes the error much clearer:

@@ -39,7 +39,7 @@
         try:
             resp_data = json.loads(resp_data) # try to parse json results
         except ValueError:
-            pass # ignore json parsing errors
+            resp_data = {'type':None, 'raw': resp_data}
         if depth < 100 and code == 400 and resp_data['type'] == "urn:ietf:params:acme:error:badNonce":
             raise IndexError(resp_data) # allow 100 retrys for bad nonces
         if code not in [200, 201, 204]:
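
Review bot: Replacing `resp_data` with `{'type':None, 'raw': resp_data}` in the `except ValueError:` branch applies to successful responses as well, so a caller that expects the body text back from a 200 with a non-JSON body now gets a dict; the `_do_request(wellknown_url)[0] == keyauthorization` assert shown in the traceback above would then compare a dict to a string and fail even when the challenge file is served correctly. Leave `resp_data` as the string and guard the lookup instead, e.g. `isinstance(resp_data, dict) and resp_data['type'] == "urn:ietf:params:acme:error:badNonce"`.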

And the resulting error is:

acme-tiny[1111183]: ValueError: Wrote file to /var/www/challenges/0eG_qrrSE_OpkH5114hcl8auxZPFqtRxX72HvXKyjaQ, but couldn't download http://melissa.gathman.org/.well-known/acme-challenge/0eG_qrrSE_OpkH5114hcl8auxZPFqtRxX72HvXKyjaQ: Error:
acme-tiny[1111183]: Url: http://melissa.gathman.org/.well-known/acme-challenge/0eG_qrrSE_OpkH5114hcl8auxZPFqtRxX72HvXKyjaQ
acme-tiny[1111183]: Data: None
acme-tiny[1111183]: Response Code: 400
acme-tiny[1111183]: Response: {'type': None, 'raw': '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand.<br />\nReason: You\'re speaking plain HTTP to an SSL-enabled server port.<br />\n Instead use the HTTPS scheme to access this URL, please.<br />\n</p>\n</body></html>\n'}
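
An added example, not part of the issue thread and not acme-tiny's own code: the badNonce check from the traceback run against non-JSON bodies, next to a guarded version that leaves plain-text and empty bodies untouched. The function names `unguarded_is_bad_nonce` and `classify` and all sample bodies are hypothetical, constructed for this illustration.

```python
import json

BAD_NONCE = "urn:ietf:params:acme:error:badNonce"

# Constructed sample bodies (not captured traffic).
HTML_400 = "<html><body><h1>Bad Request</h1></body></html>"
KEYAUTH = "constructed-token.constructed-thumbprint"
NONCE_ERR = json.dumps({"type": BAD_NONCE, "detail": "constructed"})


def _decode(raw):
    """Parse JSON when possible; otherwise hand back the text unchanged."""
    try:
        return json.loads(raw)
    except ValueError:
        return raw


def unguarded_is_bad_nonce(code, raw):
    """The check as written in the traceback: indexes whatever came back."""
    body = _decode(raw)
    return code == 400 and body["type"] == BAD_NONCE


def classify(code, raw, depth=0):
    """Return ("retry" | "error" | "ok", body) without indexing a non-dict."""
    body = _decode(raw)
    problem_type = body.get("type") if isinstance(body, dict) else None
    if depth < 100 and code == 400 and problem_type == BAD_NONCE:
        return "retry", body
    if code not in (200, 201, 204):
        return "error", body  # body is still the raw text for the message
    return "ok", body


if __name__ == "__main__":
    for code, raw in [(400, HTML_400), (204, ""), (200, KEYAUTH), (400, NONCE_ERR)]:
        print(code, classify(code, raw)[0])
    try:
        unguarded_is_bad_nonce(400, HTML_400)
    except TypeError as exc:
        print("unguarded check:", exc)
```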
