w2c/letsencrypt-esxi

esxi 7.0 local ip

my1770 opened this issue · 3 comments

DNS name k2-esxi.domain.org A record is registered to a local ip address.

At startup, it outputs:

/etc/init.d/w2c-letsencrypt start
Running 'start' action
Starting certificate renewal.
Existing cert issued for localhost.localdomain but current domain name is k2-esxi.domain.org. Requesting a new one!
Generating RSA private key, 4096 bit long modulus
**********************************************************************************************************++++
***************************************************************************************************************************************************************************************************************************************************************************************************************************************++++
e is 65537 (0x10001)
Serving HTTP on 0.0.0.0 port 8120 (http://0.0.0.0:8120/) ...
Parsing account key...
Parsing CSR...
Found domains: k2-esxi.domain.org
Getting directory...
Directory found!
Registering account...
Already registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/866296867
Creating new order...
Order created!
Verifying k2-esxi.domain.org...
127.0.0.1 - - [11/Dec/2022 12:12:20] "GET /.well-known/acme-challenge/15Ig8QtCSjDqqtkmHsawlr5z1uBmPOccXTkqCcLQRYw HTTP/1.1" 200 -
Traceback (most recent call last):
File "./acme_tiny.py", line 199, in
main(sys.argv[1:])
File "./acme_tiny.py", line 195, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact, check_port=args.check_port)
File "./acme_tiny.py", line 153, in get_crt
raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for k2-esxi.domain.org: {'identifier': {'type': 'dns', 'value': 'k2-esxi.domain.org'}, 'status': 'invalid', 'expires': '2022-12-18T12:12:21Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:dns', 'detail': 'no valid A records found for k2-esxi.domain.org; no valid AAAA records found for k2-esxi.domain.org', 'status': 400}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/186152580607/5zMdvw', 'token': '15Ig8QtCSjDqqtkmHsawlr5z1uBmPOccXTkqCcLQRYw', 'validated': '2022-12-11T12:12:24Z'}]}
Warning: No cert obtained from Let's Encrypt. Keeping the existing one as it is still valid.
logger: Invalid PID 'Usage: fsvmsockrelay '
logger: Invalid PID '{start|stop|status|restart} [--vmci VMCI_ID]'
hostd signalled.
watchdog-lsud[529842]: Terminating watchdog process with PID 529113
lsud stopped
lsud started
VMware HTTP reverse proxy signalled.
sfcbd-init[529924]: args ('')
sfcbd-init[529924]: Getting Exclusive access, please wait...
sfcbd-init[529924]: Exclusive access granted.
sfcbd-init[529935]: args ('ssl_reset')
sfcbd-init[529935]: Getting Exclusive access, please wait...
sfcbd-init[529935]: Exclusive access granted.
sfcbd-init[529935]: sfcbd is not running.
logger: Invalid PID 'Usage: vdfsd '
logger: Invalid PID '{start|stop|status|restart|'
vpxa signalled.
vsanperfsvc is not running.
/etc/init.d/vvold ssl_reset, PID 530041
vvold is not running.
[root@k2-esxi:] /etc/init.d/hostd restart
watchdog-hostd[530098]: Terminating watchdog process with PID 526363 525564
hostd stopped.
hostd started.
[root@k2-esxi:] /etc/init.d/vpxa restart
watchdog-vpxa[530315]: Terminating watchdog process with PID 527026
vpxa stopped.
vpxa started.

See Prerequisites:

Your server is publicly reachable over the Internet

Let's Encrypt attempts the HTTP-01 challenge to issue a certificate for your server. If it can't connect to it from public Internet, this won't work.
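The failure in the log above ("no valid A records found") is the validator resolving the name to an address it cannot reach. As an added example, not code from w2c/letsencrypt-esxi, here is a preflight check a host could run before opening an ACME order: it resolves the name and refuses to proceed when every address is private, loopback, link-local or otherwise non-global. The function name `http01_preflight` and the constructed sample addresses are assumptions; a pass is necessary but not sufficient, since Let's Encrypt resolves through its own public resolvers and a split-horizon DNS can answer differently.

```python
"""Preflight check for the HTTP-01 prerequisite (added example, not part of
w2c/letsencrypt-esxi): refuse to start an ACME order when every address the
host name resolves to is non-global, the situation in the issue's log."""
import ipaddress
import socket
from typing import Callable, Iterable, List, Tuple


def resolve(host: str) -> List[str]:
    """All A/AAAA addresses for host via the local system resolver.
    Caveat: the ACME validator uses public resolvers, so split-horizon DNS
    can still mislead this check."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify(addrs: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split addresses into globally routable ones and non-global ones
    (RFC 1918, loopback, link-local, CGNAT 100.64/10, ULA fc00::/7, ...)."""
    public, non_global = [], []
    for a in addrs:
        ip = ipaddress.ip_address(a)
        (public if ip.is_global else non_global).append(a)
    return public, non_global


def http01_preflight(host: str,
                     resolver: Callable[[str], List[str]] = resolve
                     ) -> Tuple[bool, str]:
    """Return (ok, reason). ok is True only if at least one resolved address
    is globally routable, i.e. the validator has something it could reach."""
    try:
        addrs = resolver(host)
    except (socket.gaierror, ValueError) as exc:
        return False, f"{host}: lookup failed ({exc})"
    if not addrs:
        return False, f"{host}: no A/AAAA records"
    public, non_global = classify(addrs)
    if not public:
        return False, (f"{host}: only non-global addresses {non_global}; "
                       "HTTP-01 cannot succeed from the public Internet")
    return True, f"{host}: validator-reachable addresses {public}"


if __name__ == "__main__":
    import sys
    # Hypothetical host name from the issue; any name may be passed instead.
    ok, why = http01_preflight(sys.argv[1] if len(sys.argv) > 1 else "k2-esxi.domain.org")
    print(why)
    sys.exit(0 if ok else 1)
```

Run it on the ESXi host (or any machine sharing its DNS view) before `/etc/init.d/w2c-letsencrypt start`; a non-zero exit means the HTTP-01 prerequisite is not met and the renewal will fail as in the log.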

Can you add the DNS-01 challenge feature?

Currently, no plans for that. ESXi is quite restricted in terms of Unix tools, interpreters etc. so that would be a major effort. Contributions welcome 👍