eggsampler / acme Goto Github PK

Investigate adding support for a CI service (such as travis-ci) to run tests against boulder/pebble instances.

Towards testing against both pebble and boulder, tests need to be separated and generified.

Testing against pebble as well as boulder should help pick up any potential issues either against spec or implementation details.

Run demo to display this error
The file account.json exists,

account.json------------------------------------

{"privateKey":{"Curve":{"P":115792089210356248762697446949407573530086143415290314195533631308867097853951,"N":115792089210356248762697446949407573529996955224135760342422259061068512044369,"B":41058363725152142129326129780047268409114441015993725554835256314039467401291,"Gx":48439561293906451759052585252797914202762949526041747995844080717082404635286,"Gy":36134250956749795798585127919587881956611106672985015071877198253568414405109,"BitSize":256,"Name":"P-256"},"X":41178151817122239433356222411489439804372075567845109400219748159912996694009,"Y":24826081506640848655063590742050469683068455586774664253397080240470785724093,"D":862554419784806997692513240127725874318132151522119685122473463896162066354},"url":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/11906772"}

Add semantic versioning tags for commits as a release, ideally targeting vgo support.

Hey there!

Thanks for the awesome minimalist library!

I was able to get letsencrypt cert by looking at examples/certbot/certbot.go with dns-01 challenge.

Now the question is how do I renew the the cert? I can't seem to find the renew methods on the client, which suggests that renewal process is using the same mechanisms as issuing a new one. Are the steps exactly the same or ...?

Thanks a lot in advance!

I am trying to use this package to connect to the LetsEncrypt/Pebble server during development.

When I try the example "certbot" code, it works for the LetsEncrypt staging server, ... but it fails for the LetsEncrypt/Pebble server (since I presume Pebble signs its own certificates, and therefore the CA is not a recognized authority).

2018/11/02 23:11:49 Error connecting to acme directory: acme: error fetching response: Get https://localhost:14000/dir: x509: certificate signed by unknown authority

During the TLS handshake between the example "certbot" code and the Pebble server, ... how can I specify the InsecureSkipVerify option?? I can't find any way in this ACME package to pass this option when creating the client.

Can this option be supported in this ACME package? It would really help when developing new code.

Hello,

I don't see any handlers for the certbot.go demo, meaning how would it response to the http challenge?

I am getting this error:

2018/09/07 19:59:33 Error updating authorization example.com challenge: acme: error code 400 "urn:ietf:params:acme:error:connection": Fetching http://example.com/.well-known/acme-challenge/abc123: Connection refused

I realize this is a demo just want to make sure I am not missing anything :)

From master as of this post:

$ go version
go version go1.13.4 linux/amd64
$ go build
go: finding github.com/eggsampler/acme v1.0.0
go: finding github.com/eggsampler/acme/v2 v2.0.1
go: downloading github.com/eggsampler/acme/v2 v2.0.1
go: downloading github.com/eggsampler/acme v1.0.0
go: extracting github.com/eggsampler/acme v1.0.0
go: extracting github.com/eggsampler/acme/v2 v2.0.1
# github.com/eggsampler/acme/v3/examples/certbot
./certbot.go:227:38: not enough arguments in call to client.UpdateAccount
        have (acme.Account, []string...)
        want (acme.Account, bool, ...string)

please, would you have an example with dns-challenge besides http-challenge?

I am trying to test against pebble, https://github.com/letsencrypt/pebble , that I run locally. I am getting an error at https://github.com/eggsampler/acme/blob/master/order.go#L20 :

acme: error code 400 "urn:ietf:params:acme:error:malformed": Key ID (kid) in JWS header missing expected URL prefix

Any clues?

Multiple domain names are not supported
Creating new order for domains: [www.aaa.com aaa.com]
2019/06/14 15:23:49 Error creating new order: acme: error code 400 "urn:ietf:params:acme:error:rejectedIdentifier": Error creating new order :: Invalid character in DNS name
wildcard domain names ( ChallengeTypeDNS01)
acme: error code 400 "urn:ietf:params:acme:error:rejectedIdentifier": Error creating new order :: DNS name had a malformed wildcard label

Work is proceeding on the addition of the "dns-account-01" challenge type to Boulder and Pebble via:

• letsencrypt/boulder#7240
• letsencrypt/pebble#425

This new challenge is documented in draft-ietf-acme-scoped-dns-challenges/.

A preliminary implementation is available in https://github.com/fastly/pebble/tree/add-dns-account-01.

https://github.com/eggsampler/acme would benefit from supporting this new challenge type.