eggsampler / acme
Go client library implementation for ACME v2 (RFC8555)
License: MIT License
Hey there!
Thanks for the awesome minimalist library!
I was able to get a letsencrypt cert by looking at examples/certbot/certbot.go with the dns-01 challenge.
Now the question is how do I renew the cert? I can't seem to find the renew methods on the client, which suggests that the renewal process is using the same mechanisms as issuing a new one. Are the steps exactly the same or ...?
Thanks a lot in advance!
Work is proceeding on the addition of the "dns-account-01" challenge type to Boulder and Pebble via:
This new challenge is documented in draft-ietf-acme-scoped-dns-challenges/.
A preliminary implementation is available in https://github.com/fastly/pebble/tree/add-dns-account-01.
https://github.com/eggsampler/acme would benefit from supporting this new challenge type.
I am trying to use this package to connect to the LetsEncrypt/Pebble server during development.
When I try the example "certbot" code, it works for the LetsEncrypt staging server, ... but it fails for the LetsEncrypt/Pebble server (since I presume Pebble signs its own certificates, and therefore the CA is not a recognized authority).
2018/11/02 23:11:49 Error connecting to acme directory: acme: error fetching response: Get https://localhost:14000/dir: x509: certificate signed by unknown authority
During the TLS handshake between the example "certbot" code and the Pebble server, ... how can I specify the InsecureSkipVerify option? I can't find any way in this ACME package to pass this option when creating the client.
Can this option be supported in this ACME package? It would really help when developing new code.
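An alternative to switching verification off for the setup described in the issue above, added here as an example (not part of the issue thread or of the eggsampler/acme code): load the development CA's root into a dedicated pool so the client trusts only that CA. It uses only the Go standard library; the stand-in server, the `/dir` stub response and the function names are constructed for the demo, and how the resulting `*http.Client` is handed to the ACME client is not shown.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newDevClient returns an HTTP client that trusts only the roots in caPEM,
// e.g. the dev server's test CA, instead of disabling verification.
func newDevClient(caPEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no certificate found in dev CA PEM")
	}
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// fetchDir requests the directory URL and returns any transport or TLS error.
func fetchDir(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// demo starts a constructed HTTPS server with a self-signed certificate
// (a stand-in for a local ACME directory) and tries both clients against it.
func demo() (defaultErr, pinnedErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"newNonce": "constructed-placeholder"}`)
	}))
	defer srv.Close()
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	defaultErr = fetchDir(&http.Client{}, srv.URL+"/dir") // system roots only
	pinned, err := newDevClient(caPEM)
	if err != nil {
		return defaultErr, err
	}
	return defaultErr, fetchDir(pinned, srv.URL+"/dir")
}

func main() { fmt.Println(demo()) }
```

The client with system roots is rejected for the same reason as in the log line above, while the pinned client connects with certificate and hostname checks still in force.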
Investigate adding support for a CI service (such as travis-ci) to run tests against boulder/pebble instances.
Towards testing against both pebble and boulder, tests need to be separated and generified.
Testing against pebble as well as boulder should help pick up any potential issues either against spec or implementation details.
Multiple domain names are not supported
Creating new order for domains: [www.aaa.com aaa.com]
2019/06/14 15:23:49 Error creating new order: acme: error code 400 "urn:ietf:params:acme:error:rejectedIdentifier": Error creating new order :: Invalid character in DNS name
Wildcard domain names (ChallengeTypeDNS01)
acme: error code 400 "urn:ietf:params:acme:error:rejectedIdentifier": Error creating new order :: DNS name had a malformed wildcard label
Add semantic versioning tags for commits as a release, ideally targeting vgo support.
I am trying to test against pebble, https://github.com/letsencrypt/pebble , that I run locally. I am getting an error at https://github.com/eggsampler/acme/blob/master/order.go#L20 :
acme: error code 400 "urn:ietf:params:acme:error:malformed": Key ID (kid) in JWS header missing expected URL prefix
Any clues?
From master as of this post:
$ go version
go version go1.13.4 linux/amd64
$ go build
go: finding github.com/eggsampler/acme v1.0.0
go: finding github.com/eggsampler/acme/v2 v2.0.1
go: downloading github.com/eggsampler/acme/v2 v2.0.1
go: downloading github.com/eggsampler/acme v1.0.0
go: extracting github.com/eggsampler/acme v1.0.0
go: extracting github.com/eggsampler/acme/v2 v2.0.1
# github.com/eggsampler/acme/v3/examples/certbot
./certbot.go:227:38: not enough arguments in call to client.UpdateAccount
have (acme.Account, []string...)
want (acme.Account, bool, ...string)
Please, would you have an example with dns-challenge besides http-challenge?
Hello,
I don't see any handlers for the certbot.go demo, meaning how would it respond to the http challenge?
I am getting this error:
2018/09/07 19:59:33 Error updating authorization example.com challenge: acme: error code 400 "urn:ietf:params:acme:error:connection": Fetching http://example.com/.well-known/acme-challenge/abc123: Connection refused
I realize this is a demo, just want to make sure I am not missing anything :)
Run demo to display this error
The file account.json exists,
account.json------------------------------------
{"privateKey":{"Curve":{"P":115792089210356248762697446949407573530086143415290314195533631308867097853951,"N":115792089210356248762697446949407573529996955224135760342422259061068512044369,"B":41058363725152142129326129780047268409114441015993725554835256314039467401291,"Gx":48439561293906451759052585252797914202762949526041747995844080717082404635286,"Gy":36134250956749795798585127919587881956611106672985015071877198253568414405109,"BitSize":256,"Name":"P-256"},"X":41178151817122239433356222411489439804372075567845109400219748159912996694009,"Y":24826081506640848655063590742050469683068455586774664253397080240470785724093,"D":862554419784806997692513240127725874318132151522119685122473463896162066354},"url":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/11906772"}