Wrong LetsEncrypt-Token

I want to set up the Docker SCIM bridge (yes, V1.1.1) in Kubernetes, but I'm not able to verify the Let's Encrypt certificate because it is using the wrong token.

op-scim Log:
redicrypt: getting cert for key redicrypt/1pw-scim-bridge.sport-thieme.de
redicrypt: getting cert for key redicrypt/acme_account+key
redicrypt: writing cert for key redicrypt/1pw-scim-bridge.sport-thieme.de+token
redicrypt: writing cert for key redicrypt/EW2KgY3JhXol7v-_cwY0Cis7mnt0UFr5PlA1rIXmVwc+http-01
acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/905231191" for domain "1pw-scim-bridge.sport-thieme.de": no viable challenge type found
acme/autocert: missing certificate

But when I take a look at https://acme-v02.api.letsencrypt.org/acme/authz-v3/905231191 the token should be AQEEgVcKDN6IrNjILYV2XW-HB1T8fIbkiaghUDNXAFw and not EW2KgY3JhXol7v-_cwY0Cis7mnt0UFr5PlA1rIXmVwc.

So it offers the challenge for the wrong token:
http://1pw-scim-bridge.sport-thieme.de/.well-known/acme-challenge/EW2KgY3JhXol7v-_cwY0Cis7mnt0UFr5PlA1rIXmVwc
...and not the right one...
http://1pw-scim-bridge.sport-thieme.de/.well-known/acme-challenge/AQEEgVcKDN6IrNjILYV2XW-HB1T8fIbkiaghUDNXAFw
...and so it's absolutely right in telling me "no viable challenge type found", but why!?


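The token comparison made by hand in the post above, written as an added example (not part of the original thread and not 1Password's code). It assumes an authorization object in the RFC 8555 layout; the sample authorization is constructed, with only the domain and the two tokens taken from the post, and the dns-01 entry is a placeholder.

```python
import json
import re

# Constructed sample: two of the op-scim log lines quoted in the post.
LOG = """\
redicrypt: writing cert for key redicrypt/1pw-scim-bridge.sport-thieme.de+token
redicrypt: writing cert for key redicrypt/EW2KgY3JhXol7v-_cwY0Cis7mnt0UFr5PlA1rIXmVwc+http-01
"""

# Constructed authorization object in the RFC 8555 layout. Domain and http-01
# token are taken from the post; status and the dns-01 entry are assumptions.
AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "1pw-scim-bridge.sport-thieme.de"},
    "status": "pending",
    "challenges": [
        {"type": "dns-01", "status": "pending", "token": "constructed-dns-01-token"},
        {"type": "http-01", "status": "pending",
         "token": "AQEEgVcKDN6IrNjILYV2XW-HB1T8fIbkiaghUDNXAFw"},
    ],
})

# autocert caches an http-01 response under "<token>+http-01".
CACHE_KEY = re.compile(r"redicrypt/([A-Za-z0-9_-]+)\+http-01\s*$")


def cached_http01_tokens(log_text):
    """Tokens the bridge has stored for http-01, in log order."""
    return [m.group(1) for line in log_text.splitlines()
            if (m := CACHE_KEY.search(line))]


def authz_tokens(authz_json, challenge_type="http-01"):
    """Tokens the CA lists for one challenge type in an authorization."""
    authz = json.loads(authz_json)
    return [c["token"] for c in authz.get("challenges", [])
            if c.get("type") == challenge_type]


def compare(log_text, authz_json):
    """Report which http-01 tokens are expected, which are served, and the gap."""
    domain = json.loads(authz_json)["identifier"]["value"]
    expected, served = authz_tokens(authz_json), cached_http01_tokens(log_text)
    url = "http://{}/.well-known/acme-challenge/{}".format
    return {
        "expected": expected,
        "served": served,
        "match": bool(expected) and set(expected) <= set(served),
        "missing_urls": [url(domain, t) for t in expected if t not in served],
    }


if __name__ == "__main__":
    print(json.dumps(compare(LOG, AUTHZ), indent=2))
```

Filtering by challenge type matters because an authorization can list several challenges, and only the http-01 entry is relevant to the `/.well-known/acme-challenge/` path.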

Comments

  • graham_1P

    Team Member

    Hi @WilhelmW

    Am I correct in thinking you have just upgraded from an earlier version of the SCIM Bridge?

    We use redicrypt to avoid having to recreate the LetsEncrypt certificate every time you restart your bridge. It is plausible, if you have upgraded just the SCIM Bridge, that the SCIM Bridge is selecting the incorrect certificate, thus giving the incorrect challenge.

    Try completely removing the redis instance, or if it contains information from other services, removing the two redicrypt entries for the SCIM Bridge. Then restart your Bridge. It should recreate the ACMEv2 certificate and serve the correct challenge.

    In the meantime, I will see if I can reproduce your problem.

    Graham

  • WilhelmW
    edited October 2019

    I thought I found the solution, but no :(

    I removed the whole Kubernetes cluster,
    set up a new one following the instructions from https://support.1password.com/scim-deploy-azure/
    and I still get the same error...

  • cohix

    Team Member

    @WilhelmW I do believe you've emailed in to our support? Is there anything else we can help with here?
