“Juh-Neh-Gee” (or in IPA: “dʒ næ ɡiː”)
I'm a father, husband, science and technology enthusiast, IT nerd.
I ❤️ #ruby #elixir #crystal #kubernetes #linux
Pronouns: He/Him
📫 How to reach me:
Ruby ACME v2 Certificate Issuer
License: MIT License
Hi, it's me again :)
I'm not sure if I'm doing something wrong but when trying to request a cert with certbot like so:
certbot certonly --server http://acme.example.com:9292/acme/directory --domain ldap.example.com --standalone
I get this error:
An unexpected error occurred: acme.errors.ClientError: "up" Link header missing
I'm sure I must have overlooked something - can you tell me what I'm doing wrong?
Thanks!
The keyChange is provided by the directory, but it isn't actually supported yet...
The expected challenge thumbprint doesn't match the one provided by the certbot server.
Not sure how certbot even learns what thumbprint it should provide so I couldn't debug more, sorry.
this is what I have (I added the debug output):
```
10.9.10.10 - - [28/Jan/2024:06:24:32 +0000] "POST /acme/authorizations/4 HTTP/1.1" 200 - 0.0091
D, [2024-01-28T06:24:32.407556 #24341] DEBUG -- : HTTP-01 connected to http://ldap.example.com/.well-known/acme-challenge/Hh7FIHd8HzmI4tOezqa7XNtyTjlbUhSTGkBE3ZyC3PLGrYcn
D, [2024-01-28T06:24:32.410131 #24341] DEBUG -- : Chlnge Token: Hh7FIHd8HzmI4tOezqa7XNtyTjlbUhSTGkBE3ZyC3PLGrYcn, thumbprint: fd95c98168b6eba6f84c29400ec4562e5d1196e5bff710b8a5e755a7d421f21b
D, [2024-01-28T06:24:32.410201 #24341] DEBUG -- : Result Token: Hh7FIHd8HzmI4tOezqa7XNtyTjlbUhSTGkBE3ZyC3PLGrYcn, thumbprint: 6KTbsniqZCH95q3Zp0gCGGf6vH9EI0muO054n4LKm_Q
```
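For reference on where the HTTP-01 thumbprint comes from: the ACME client derives it from its own account public key (RFC 7638), and the server recomputes it from the JWK registered for that account (RFC 8555 sections 8.1 and 8.3). The sketch below is an added example, not Bullion's or certbot's code; all function names are hypothetical.

```ruby
require "openssl"
require "base64"
require "json"

# RFC 7638 section 3.2: only these members are hashed, in lexicographic order.
REQUIRED_MEMBERS = { "RSA" => %w[e kty n], "EC" => %w[crv kty x y] }.freeze

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Raw 32-byte SHA-256 JWK thumbprint of the account public key.
# Extra members (kid, alg, use) and input key order must not affect it.
def jwk_thumbprint_bytes(jwk)
  names = REQUIRED_MEMBERS.fetch(jwk.fetch("kty")) do |kty|
    raise ArgumentError, "unsupported kty: #{kty}"
  end
  canonical = JSON.generate(names.to_h { |n| [n, jwk.fetch(n)] })
  OpenSSL::Digest.new("SHA256").digest(canonical)
end

# RFC 8555 section 8.1: token, a dot, then the base64url thumbprint.
def key_authorization(token, jwk)
  "#{token}.#{b64url(jwk_thumbprint_bytes(jwk))}"
end

# RFC 8555 section 8.3: the response body must equal the key authorization;
# whitespace at the end of the body is ignored.
def http01_valid?(body, token, jwk)
  body.rstrip == key_authorization(token, jwk)
end

# Debug aid: turn a thumbprint logged as hex or as base64url into raw bytes,
# so two log values can be compared independent of their text encoding.
def thumbprint_to_bytes(text)
  return [text].pack("H*") if text.match?(/\A\h{64}\z/)

  Base64.urlsafe_decode64(text)
end
```

Decoded with `thumbprint_to_bytes`, the two thumbprints in the debug output above begin `fd95c9` and `e8a4db`, so they differ by more than hex versus base64url encoding.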
Hello,
when trying to use this for a new CA I get this error when trying to create a new account.
OpenSSL::PKey::PKeyError - pkeys are immutable on OpenSSL 3.0
This seems to be a problem in lib/bullion/helpers/ssl.rb:48.
Any chance you could fix this for use with OpenSSL 3.0?
Thanks!
Most modern CAs support OCSP and so should Bullion.
There aren't any rspec tests for the challenge clients. This requires controlling how the clients actually perform their challenge verification.
The revokeCert is provided by the directory, but it isn't actually supported yet...
Technically, it should be possible to support ECDSA for certificates, but it needs to be verified via testing.
While the current CI process produces a Docker image, it isn't published automatically yet. Roxanne is capable of this, so this functionality should be added.
Current testing doesn't cover actual challenge thumbprint verification because of the rspec challenge clients.
Given the abstract Bullion::ChallengeClient class, it should be possible to modularize challenge clients to support custom types for non-standard use-cases.
Bullion should be refactored to support custom plugins for new challenge types.
Hi,
I'm not sure how to describe this but issued certificates seem invalid.
I checked the fullchain.pem on https://tools.keycdn.com/ssl and it is not happy.
openssl verify also gives me this:
error 7 at 0 depth lookup: certificate signature failure
If you need more info let me know.
Edit: I'm still using certbot