DSS | : fire : Dynamic Style Sheets | GCP library

What about this (this does not require Java 11 while toArray(String[][]::new) requires)

It depends on what you used for the $keyFile in your script.

A default name should be part of the /home/pi/.ssh/id_xxx names considered during an SSH session.
But a non-default name would need to be specified in an ~/.ssh/config: double-check if you have one.

Also, in your script, to be sure, don't use ~/.ssh, but /home/$USER/.ssh consistently, to avoid any mistake when the shell substitutes ~.

Your code looks a bit cryptic to me. I don't understand why do you need the arr array if you nowhere use it. Etc.

But whatever. Suppose the code works fine and all you need is to save a PDF file with landscape orientation. In this case you need to replace these lines in your code:

What you're doing wrong is putting the CRLs into the CMS signature container element generally used for CRLs. In case of integrated PDF signatures, though, the situation is different; here CRLs are expected in a special signed attribute instead.

Have a look at ISO 32000-1 where this attribute already is specified:

The PKCS#7 object should contain the following:

...

• Revocation information as an signed attribute (PDF 1.6): This attribute may include all the revocation information that is necessary to carry out revocation checks for the signer's certificate and its issuer certificates. Since revocation information is a signed attribute, it must be obtained before the computation of the digital signature. This means that the software used by the signer must be able to construct the certification path and the associated revocation information. If one of the elements cannot be obtained (e.g. no connection is possible), a signature with this attribute will not be possible.

...

12.8.3.3.2 Revocation Information

The adbe Revocation Information attribute:

Your server/device seems to require some dummy keyboard interactive authentication:

TL;DR Your config file "github" entry should look like this:

After further reproduction I've noticed that in the question there is a miss-match between the NGINX Ingress controllers.

There are 2 similarly named Ingress controllers:

• Github.com: NginxInc: Kubernetes Ingress - for this purpose let's name it: nginx-inc
• Github.com: Kubernetes: Ingress Nginx - for this purpose let's name it: nginx

This are 2 separate products where the differences are explained here:

• Github.com: NginxInc: Kubernetes Ingress: Docs: Nginx ingress controllers

Due to this Configmap key:

• use-http2: "true"

I've incorrectly assumed that we are talking about the nginx where in fact it was the nginx-inc (I've missed the link of $ helm repo add). This field is specific to the nginx and will not work with the nginx-inc.

I've managed to find a way to enable the HTTP/2 support with the nginx-inc. Change:

• from: use-http2: "true"
• to: http2: "true"

More explanation can be found here:

• Docs.nginx.com: Nginx Ingress Controller: Configuration: Global configuration: Configmap resource: Listeners

Below part is more of a general approach to the support of HTTP/2 on GKE with Ingress.

A side note!

Even without the tls part in the YAML manifest it's possible to use HTTPS due to the Fake Ingress Controller certificate

As pointed in the following github issue:

aledbf commented on 28 Mar 2019

NGINX does not support HTTP/1.x and HTTP/2 at the same time on a cleartext (non-TLS) port. That's the reason why it works only when HTTPS is used.

-- Github.com: Kubernetes: Ingress nginx: Issue: HTTP2 support

As stated to enable HTTP/2 you will need to have the tls part (certificate) configured in your Ingress resource.

Here you can find the documentation to help you with the process:

• Kubernetes.github.io: Ingress nginx: Examples: TLS termination

I've used your setup on the GKE version 1.20.5-gke.2000 (the Helm part) and here is what I found.

Querying the external IP of your Ingress controller with HTTP request will allow you to use HTTP/1.1.

After I've configured the certificate to use with the Ingress resource (and domain name), I could get the response stating that I'm using HTTP/2:

You can check it with various measures like cURL or online HTTP/2 test sites:

• curl -v -k https://DOMAIN.NAME

So the issue was I was using the wrong username, but it was still throwing a key authentication error.

Per @martin-prikryl's request, I attempted to connect using PuTTY, and found a nice tutorial specifically using PuTTY to SSH into Bluehost.

I had first written a script for FTP, and that used the Bluehost FTP account you can specifically create on their site. When I decided to write my SSH script, I used the same username. Alas, but for SSH, Bluehost wants the main login's username, NOT the FTP account one.

But it still recognizes the username on some level, but then the key is not linked to it, thus the key authentication error.

So I used PuTTy with the main username and that worked fine.

I then updated my script (credit to this stackoverflow post)

My new script that uploads an entire dir to bluehost using SSH:

I have been able to solve this and will explain how.

My issue was my password was not being accepted even after resetting the password in the droplet.

"Password not accepted in the console" info can be found here https://docs.digitalocean.com/products/droplets/resources/troubleshooting-ssh/authentication/

I followed the Boot into the Recovery process linked here: https://docs.digitalocean.com/products/droplets/resources/recovery-iso/#boot-into-the-recovery-iso

• Power down or stop droplet
• Select boot from recovery ISO
• Turned on the droplet again
• clicked the console

At this stage I was present with a list of options.

1. Mount your Disk Image [Not Mounted]
2. Check Filesystem
3. Reset Droplet Root Password
4. Configure Keyboard
5. Attempt to 'chroot' into installed system
6. Interactive Shell [/bin/bash] Choose (1-6) and press Enter to continue.

• I selected option 1, then 3, followed by 6.

• After this I powered off the droplet and selected boot from hard drive.

• Accessing the console I was able to login and enter the password which was accepted and the ghost install began and completed successfully.

I hope this helps anyone who is experiencing the same issue.