Wrong LetsEncrypt-Token

WilhelmW
Community Member

I want to set up the Docker SCIM bridge (yes, V1.1.1) in Kubernetes, but I'm not able to verify the LetsEncrypt certificate because it is using the wrong token.

op-scim Log:
redicrypt: getting cert for key redicrypt/1pw-scim-bridge.sport-thieme.de
redicrypt: getting cert for key redicrypt/acme_account+key
redicrypt: writing cert for key redicrypt/1pw-scim-bridge.sport-thieme.de+token
redicrypt: writing cert for key redicrypt/EW2KgY3JhXol7v-_cwY0Cis7mnt0UFr5PlA1rIXmVwc+http-01
acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/905231191" for domain "1pw-scim-bridge.sport-thieme.de": no viable challenge type found
acme/autocert: missing certificate

But when I take a look at https://acme-v02.api.letsencrypt.org/acme/authz-v3/905231191 the token should be AQEEgVcKDN6IrNjILYV2XW-HB1T8fIbkiaghUDNXAFw and not EW2KgY3JhXol7v-_cwY0Cis7mnt0UFr5PlA1rIXmVwc.

So it offers the challenge for the wrong token:
http://1pw-scim-bridge.sport-thieme.de/.well-known/acme-challenge/EW2KgY3JhXol7v-_cwY0Cis7mnt0UFr5PlA1rIXmVwc
...and not the right one...
http://1pw-scim-bridge.sport-thieme.de/.well-known/acme-challenge/AQEEgVcKDN6IrNjILYV2XW-HB1T8fIbkiaghUDNXAFw
...and so it's absolutely right telling me "no viable challenge type found", but why!?


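The comparison made by hand in the post above, written as an added example (not part of the original thread and not 1Password's code): it pulls the http-01 token out of the `+http-01` redicrypt key in the log and checks it against the http-01 token in the ACME authorization object. The function names are hypothetical, the authorization JSON is constructed in the RFC 8555 layout with only the domain and token taken from the post, and reading the `+http-01` key suffix as "token being served" is an assumption based on the log line shown.

```python
import json
import re

# Constructed sample: the two "writing cert" lines from the post's op-scim log.
LOG = """\
redicrypt: writing cert for key redicrypt/1pw-scim-bridge.sport-thieme.de+token
redicrypt: writing cert for key redicrypt/EW2KgY3JhXol7v-_cwY0Cis7mnt0UFr5PlA1rIXmVwc+http-01
"""

# Constructed authorization object (RFC 8555 layout). Only the domain and the
# http-01 token come from the post; status and challenge URL are placeholders.
AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "1pw-scim-bridge.sport-thieme.de"},
    "status": "pending",
    "challenges": [
        {"type": "http-01", "status": "pending",
         "url": "https://acme.example/chall/PLACEHOLDER",
         "token": "AQEEgVcKDN6IrNjILYV2XW-HB1T8fIbkiaghUDNXAFw"},
    ],
})

# ACME tokens are unpadded base64url, so the domain "+token" key never matches.
KEY_RE = re.compile(r"redicrypt/([A-Za-z0-9_-]+)\+http-01\s*$")

def served_tokens(log_text):
    """Tokens the bridge stored for http-01, taken from '+http-01' cache keys."""
    return [m.group(1) for line in log_text.splitlines()
            if (m := KEY_RE.search(line))]

def expected_tokens(authz_json):
    """http-01 tokens the CA lists in the authorization object."""
    authz = json.loads(authz_json)
    return [c["token"] for c in authz.get("challenges", [])
            if c.get("type") == "http-01" and "token" in c]

def compare(log_text, authz_json):
    """Return (matching, served_only, expected_only) token lists."""
    served, expected = served_tokens(log_text), expected_tokens(authz_json)
    return ([t for t in served if t in expected],
            [t for t in served if t not in expected],
            [t for t in expected if t not in served])

if __name__ == "__main__":
    ok, served_only, expected_only = compare(LOG, AUTHZ)
    print("match:", ok)
    print("served but not in authz:", served_only)
    print("in authz but not served:", expected_only)
```

A non-empty "served but not in authz" list together with a non-empty "in authz but not served" list is the mismatch reported in the post.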

Comments

  • Hi @WilhelmW

    Am I correct in thinking you have just upgraded from an earlier version of the SCIM Bridge?

    We use redicrypt to avoid having to recreate the LetsEncrypt certificate every time you restart your bridge. It is plausible, if you have upgraded just the SCIM Bridge, that the SCIM Bridge is selecting the incorrect certificate, thus giving the incorrect challenge.

    Try completely removing the Redis instance, or if it contains information from other services, removing the two redicrypt entries for the SCIM Bridge. Then restart your Bridge. It should recreate the ACMEv2 certificate and serve the correct challenge.

    In the meantime, I will see if I can reproduce your problem.

    Graham

  • WilhelmW
    Community Member
    edited October 2019

    I thought I found the solution, but no :(

  • WilhelmW
    Community Member

    I removed the whole kubernetes cluster
    set up a new one following the instructions from https://support.1password.com/scim-deploy-azure/
    and I still get the same error...

  • cohix
    1Password Alumni

    @WilhelmW I do believe you've emailed in to our support? Is there anything else we can help with here?

This discussion has been closed.