grindsa / acme2certifier

library implementing ACME server functionality

License: GNU General Public License v3.0

Python 100.00%
acme-server acme insta-certifier django-application tnauh est msca certificate-authority certsrv rfc7030

acme2certifier's People

Contributors

alesuiss, deep-42-thought, erinn, flosch-dev, gbit-is, grindsa, lagudrun, larskanis, pfisterer, vbrinnel, webprofusion-chrisc

acme2certifier's Issues

Authorization object is missing "wildcard" field when issuing wildcard certificates

I'm having issues with cert-manager when issuing wildcard certificates using DNS01 challenges. Cert-manager presents the challenge incorrectly because the authorization object does not contain the wildcard field with value true.

According to the ACME spec:

wildcard (optional, boolean):  This field MUST be present and true
      for authorizations created as a result of a newOrder request
      containing a DNS identifier with a value that was a wildcard
      domain name.  For other authorizations, it MUST be absent.

So when trying to issue a wildcard certificate for *.example.com, cert-manager sees that the wildcard-field is missing from the authorization object and so assumes that the certificate is NOT a wildcard certificate. This results in cert-manager creating a TXT record of _acme-challenge.*.example.com instead of _acme-challenge.example.com and so the challenge validation never succeeds.

Get authorization call leads to gateway timeout

I have an issue with cert-manager and DNS challenges with acme2proxy. When I try to issue a certificate for a service in domain example.com which does not run on port 80, the get authorization endpoint times out because acme2certifier tries to solve an HTTP challenge by connecting to http://example.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxx. This hangs the request for a long time, which causes a gateway timeout.

It prevents cert-manager from functioning, because when it tries to sync the Challenge-resource, cert-manager makes a getAuthorization request (https://acme-server.com/acme/authz/xxxxxxxxx). The call has a 10s timeout and so the sync just fails with "context deadline exceeded".

Is the ACME server supposed to try to solve the challenge when requesting the authorization information and does it have to try to do it with challenge types other than the requested DNS?

Certbot failing

Hi,

I have been having issues with Certbot requesting a certificate when the ACME server (0.15) is Django/MySQL backed.
Interestingly acme.sh is working fine.

Certbot logs

sudo certbot certonly --server https://xxx --standalone --preferred-challenges http -d certbot-1.example.com -d certbot-2.example.com --cert-name certbot-test
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for certbot-1.example.com and certbot-2.example.com
An unexpected error occurred:
DeserializationError: Deserialization error: Could not decode 'challenges' ([{u'url': u'https://xxx/acme/chall/iiMvleTMIAeK', u'token': u'AkhhTaIxIRjw1b7a8mfH5xSERRihhpID', u'type': u'http-01'}, {u'url': u'https://xxx/acme/chall/VRpdW3qjyLxc', u'token': u'AkhhTaIxIRjw1b7a8mfH5xSERRihhpID', u'type': u'dns-01'}, {}]): Deserialization error: missing type field
Please see the logfiles in /var/log/letsencrypt for more details.

Server logs

[Wed May 12 12:17:40.484018 2021] [wsgi:error] [pid 16:tid 140089995077376] [remote 10.131.22.80:58452] 10.131.22.80 /acme/newnonce {'header': {'Replay-Nonce': '- modified -'}}
[Wed May 12 12:17:40.587852 2021] [wsgi:error] [pid 16:tid 140089963607808] [remote 10.131.22.80:58452] 10.131.22.80 /acme/neworders {'header': {'Replay-Nonce': '- modified -'}}
[Wed May 12 12:17:40.687221 2021] [wsgi:error] [pid 16:tid 140089995077376] [remote 10.131.22.80:58452] acme2certifier database error in Challenge._new(): (1406, "Data too long for column 'type' at row 1")
[Wed May 12 12:17:40.692447 2021] [wsgi:error] [pid 16:tid 140089995077376] [remote 10.131.22.80:58452] 10.131.22.80 /acme/authz/ILRKCOcPKNVD {'data': {'expires': '2021-05-13T12:17:40Z', 'status': 'pending', 'identifier': {'type': 'dns', 'value': 'certbot-1.example.com'}, 'challenges': [{'type': 'http-01', 'url': 'https://xxx/acme/chall/iiMvleTMIAeK', 'token': '- modified - '}, {'type': 'dns-01', 'url': 'https://xxx/acme/chall/VRpdW3qjyLxc', 'token': '- modified - '}, {}]}, 'code': 200, 'header': {'Replay-Nonce': '- modified -'}}

EAB registration - database trail

Hi,

first thanks for the amazing work on this project.

With the recent introduction of EAB support I was wondering if new account requests could also leave a trail in the database to see which EAB_key_id was used to register an account?

In this way we can ensure we know exactly which ACME account is associated with a specific EAB account.

kind help in configuring acme2certifier to use MS Cert Enrollment Service

Hello, I am sure that I am doing something wrong with the configuration.

I am trying to run from the container (the one from Docker Hub) and try to configure it to 'talk' to our local CA server (which is Microsoft Certificate Enrollment Services).

The 'connection' test passes for NTLM when I test my CA's admin user, so I assume that I can 'talk' to the CA.

Following the documentation, I replace ca_handler.py with examples/mscertsrv_ca_handler.py and I update the acme_srv.cfg file with the details under the [CAhandler] section.

When I test using acme.sh, it fails but I think that it is not even connecting to MS Cert Enrollment Services, because when I use tshark I don't see any outgoing TCP connections to this server...

Any help would be appreciated - it would be great to be able to generate the SSL certs automatically and not by hand...

Commercial License

Where could we buy a commercial license and what price range should we expect?

error notification

What would be the best way to get notified about unexpected errors?

Background: I once forgot to run db_update.py after an update and acme2certifier rightfully failed to issue certificates since then. I did not notice this, until my generic "your certificate is soon outdated" warning on the clients kicked in - which is quite some time after I broke the database. I plan to use acme2certifier in an environment, where I do not monitor all clients (because I do not run them), but still want to get notified early if something is broken.

I'm running acme2certifier as uwsgi plugin under nginx started by systemd. I'm thinking of some "emergency notification", which kicks in, when something unexpected happens. Emitting some recognizable line to the system log (which I then can filter with logwatch) is one idea I have. Would this be something, that could cover all/most cases of "unexpected errors"?

`cert_save_path` is not being set

Hi,

I'm trying to get acme2certifier running on arch linux behind nginx with the openssl backend. I'm testing with certbot as client. It works until the point that acme2certifier tries to save the certificates locally and fails, because it claims cert_save_path was not set - but it is set in the config:

debug: False

[Nonce]
# disable nonce check. THIS IS A SEVERE SECURITY ISSUE! Please do only for testing/debugging purposes
nonce_check_disable: False

[CAhandler]
issuing_ca_key: acme/ca/signing-ca.key
issuing_ca_cert: acme/ca/signing-ca.crt
issuing_ca_crl: acme/ca/signing-ca.crl
cert_validity_days: 30
cert_save_path: acme/ca/certs
ca_cert_chain_list: ["/etc/simple-pki/ca/root-ca.crt"]

[Certificate]
revocation_reason_check_disable: False

[Challenge]
# when true disable challenge validation. Challenge will be set to 'valid' without further checking
# THIS IS A SEVERE SECURITY ISSUE! Please do only for testing/debugging purposes
challenge_validation_disable: False

[Order]
tnauthlist_support: False
and even hard-coding it in `acme/ca_handler.py` (which I copied from `examples/ca_handlers/openssl_ca_handler.py` per the instructions) leaves it unset.
I have the feeling, that a completely different file is being used, but grepping through the sources, cert_save_path only appears in those two python files and my config. Any idea, what might be wrong or what I should look at?

regards,
deep-42-thought

Package name clash

Hello,

The "acme" package name clashes with the python-acme client library. This is especially annoying for me since I need to use another ACME responder as the back-end.

If you used relative imports in your code, I think I could work around the problem, but as it is, I'll have to rename the package in every file.

Thanks for your consideration.

database error in Order._add() order: (1406, "Data too long for column 'identifiers' at row 1")

Hello,

db column identifiers varchar (1048) in table acme_order seems a bit small considering that any DNS alt name will consume ~50 chars or so.
I think the db column should be somewhat aligned with theoretical limits of alt names. Running into this limit is now easily possible even with just 20 alt names but public CAs seem to support up to 2000 alt names, see the discussion in: https://discuss.httparchive.org/t/san-certificates-how-many-alt-names-are-too-many/1867

Would it make sense to raise the limits here?

order looping

Hi,

I am using cert-manager with acme2certifier to Microsoft ADCS.

When I deploy an application in kubernetes, cert-manager asks for a certificate, everything goes perfectly, and I get the certificate.

In cert-manager, challenges and orders are validated, but at the end I get new order requests, and it loops indefinitely.

The order id changes with each new request. And I don't see any error in acme2certifier nor in cert-manager.

I am attaching the logs of cert-manager and acme2certifier.

Do you have any idea of the problem?

Thank you in advance.
best regards.
acme2certifier-test2.log
certmanager-test2.log

setup.py fails

I wanted to switch from a pure git checkout to an orderly installation, but: python setup.py build fails with:

running build
running build_py
error: package directory 'acme2certifier' does not exist

Additionally, I noticed, your Licenses differ (MIT is given in setup.py, while the LICENSE file says GPL3).

Certbot is not populating the CN field in the CSR

Our Microsoft PKI server is issuing certificates fine, but without a Subject/Common Name; all issued certificates have only a Subject Alternative Name, no CN.
Any idea how to solve this issue without using other acme-clients like acme.sh or lego?

selectively proxy outgoing requests

Hi grindelsack,

it would be nice to have configurable (depending on the to-be-validated tld) proxies for outgoing connections.
My use case is an acme server which (also) validates onion addresses by passing this traffic through tor.

Do you think, that this is a useful feature, or should I rather look to implement this somehow else (set up dns resolution for .onion, add suitable routes and some iptables/socks-magic for tor)?

regards,
Erich

fqdn_resolve() does not resolve ipv6

fqdn_resolve() in acme/helper.py does not query AAAA records and thus does not find host names, that only resolve to ipv6 addresses. For whatever reason, this has not been an issue in the past (I cannot git-blame it on any commit), but I think, it should be fixed anyways :-)

wildcard domain validation for DNS challenge fails

when requesting certificates via DNS-01 challenge and using a domain wildcard like *.example.com, acme2certifier tries to request TXT records with *
following client request produced specific DNS requests:
acme.sh --server http://acme2certifier_srv_1 --renew -d *.example.com --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --output-insecure --force
DNS queries:
TXT? _acme-challenge.*.example.com. (47)
NXDomain 0/1/0 (103)
TXT? _acme-challenge.*.example.com. (47)
NXDomain 0/1/0 (103)
TXT? _acme-challenge.*.example.com. (47)
NXDomain 0/1/0 (103)
TXT? _acme-challenge.*.example.com. (47)
NXDomain 0/1/0 (103)

duplicate or incomplete Wiki pages for containerize installation

Wiki page "Containerized installation" has text "Containerized installation using apache2/nginx as webserver and wsgi or django" and a link "acme2certifer in Docker". The link goes to URL https://github.com/grindsa/acme2certifier/examples/Docker and results in a 404 error. Looks like the correct URL should be
https://github.com/grindsa/acme2certifier/tree/master/examples/Docker

Regarding these wiki pages:

  • Containerized installation using apache2 as webserver and wsgi or django
  • Containerized installation using apache2 or nginx as webserver and wsgi or django

Both pages are very similar and it looks like the latter is the same as https://github.com/grindsa/acme2certifier/tree/master/examples/Docker. Would you consider deleting both pages because the first looks a bit outdated and the latter has the same info as the link on page "Containerized installation"?

application tests use hostname instead of fqdn

After implementing 486e358 application tests fail as we are using the hostname acme-sh as SAN. As a result Helper.fqdn_resolve() fails as it expects a fqdn as input. 8e2180d has been implemented as a temporary fix but we should change the application testing workflow midterm.

health check

Is there an HTTP URL in the container to safely health-check?

Add check for None before creating a tmp dir

I'm using example/ca_handler/cmp_ca_handler.py as a ca_handler and example/db_handler/wsgi_handler.py as a db_handler; my acme/acme_srv.cfg is

[DEFAULT]
debug: False

[Nonce]
# disable nonce check. THIS IS A SEVERE SECURITY ISSUE! Please do only for testing/debugging purposes
nonce_check_disable: False

[CAhandler]
# CA specific options
api_host: "https://acme-v02.api.letsencrypt.org/directory"

[Certificate]
revocation_reason_check_disable: False

[Challenge]
# when true disable challenge validation. Challenge will be set to 'valid' without further checking
# THIS IS A SEVERE SECURITY ISSUE! Please do only for testing/debugging purposes
challenge_validation_disable: False

[Order]
tnauthlist_support: False

So in the used ca_handler on lines 186-188 in the function load_config() there are strings:

# create temp dir if needed
if not os.path.exists(self.tmp_dir):
    os.makedirs(self.tmp_dir)

Those may throw a TypeError if self.tmp_dir is None. I think it should be something like:

# create temp dir only if one has been configured
if self.tmp_dir is not None and not os.path.exists(self.tmp_dir):
    os.makedirs(self.tmp_dir)

Docker compose timezone handling is Ubuntu specific

The handling of timezones in docker-compose is a bit brittle as it is very specific to being run off an Ubuntu host platform. /etc/timezone doesn't exist in Fedora for instance. Using the TZ environment variable is more robust. PR incoming for this.

certbot error in v0.11 when using the django_handler

josepy.errors.DeserializationError: Deserialization error: Could not decode 'status' ('expired'): Deserialization error: Status not recognized.

Workaround: disabling expiration check for authorizations in acme_srv.cfg

[Authorization]
validity: 172800
expiry_check_disable: True

Support for long-term polling for certificates

Dear @grindsa,
Thanks a million for uploading acme2certifier to Github. I'm currently evaluating whether I can use it for my - quite special - use case.

I had a look at https://github.com/grindsa/acme2certifier/blob/master/docs/ca_handler.md and I'm not sure whether I can simply implement enroll. As far as I've understood your code, enroll basically gets a CSR and immediately returns the certificate.

My setup is as follows:

  • I have access to a SOAP-based web service (which I cannot change)
  • This service issues certificates for a certain subdomain

I've implemented a SOAP client according to the spec of the server-side that can request certificates as follows:

  • Send the request (i.e., the CSR) to the SOAP server
  • Poll the SOAP server until the certificate is available

I assume that I cannot block enroll for some (probably quite long) time until the certificate is available. Is this correct? Is there any way to change the current behaviour such that enroll would invoke a callback once the certificate is available?

Best,
Dennis

limit issuable CNs of certificates

I'm using the openssl backend and would like to restrict the CN (and SANs) of the certificates that can be issued via acme to certain TLDs.
I can think of three approaches:

  1. Configure a custom dns server which only answers queries for those TLDs
  2. Filter the CN (and SANs) with a regex/whitelist
  3. Sign the intermediate CA in a way, that restricts which CNs are allowed to be issued by the intermediate CA (some kind of "limited signature from the root CA")

What do you think, would be the best approach? (Is 3 even possible?)
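The name-constraints route asked about in point 3 does exist: it is the X.509 nameConstraints extension (RFC 5280 section 4.2.1.10) placed on the intermediate CA certificate. It is enforced by the verifier rather than by the issuer, so it complements rather than replaces a check at issuance time. Below, as an added example that is neither acme2certifier code nor the poster's, is point 2 implemented as a zone allowlist applied to the identifiers of a newOrder; the same function can be run over the CN and SANs of the CSR before enroll(). The zones, function names and the sample order are assumptions.

```python
import re

# Added example, not acme2certifier code.  Zone allowlist for ACME identifiers.
# The allowlist, function names and sample order below are assumptions.

# One DNS label: 1-63 characters, letters/digits/hyphen, no hyphen at either end.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def is_hostname(name):
    """Syntactic check on a fully qualified name (no wildcard, no trailing dot)."""
    labels = name.split(".")
    return (0 < len(name) <= 253 and len(labels) >= 2
            and all(LABEL_RE.match(label) for label in labels))


def identifier_allowed(name, allowed_zones):
    """True if `name` (optionally "*.<name>") is well formed and is equal to,
    or a subdomain of, one of `allowed_zones`.

    Matching happens on label boundaries: "evilexample.com" is not under
    "example.com", and neither is "example.com.evil.net".  A "*" anywhere
    but as the complete leftmost label fails the hostname check.
    """
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    if not is_hostname(name):
        return False
    for zone in allowed_zones:
        zone = zone.lower().strip(".")
        if name == zone or name.endswith("." + zone):
            return True
    return False


def check_order(identifiers, allowed_zones):
    """Return the identifiers that must be rejected; an empty list means the
    order may proceed.  Non-dns identifier types are rejected outright, the
    safe default for an internal CA that only ever issues for its own zones."""
    rejected = []
    for ident in identifiers:
        if ident.get("type") != "dns" or not identifier_allowed(ident.get("value", ""), allowed_zones):
            rejected.append(ident)
    return rejected


if __name__ == "__main__":
    # Constructed sample order against two allowed zones.
    zones = ["example.com", "corp.example.net"]
    order = [{"type": "dns", "value": "www.example.com"},
             {"type": "dns", "value": "*.corp.example.net"},
             {"type": "dns", "value": "evilexample.com"},
             {"type": "ip", "value": "192.0.2.10"}]
    print(check_order(order, zones))
```

Run the check in the newOrder handler and answer a non-empty result with a rejectedIdentifier problem; doing it there, before any authorization row is created, also keeps the database free of orders that could never be issued.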

incorrect dns query / record type for DNS validation

I'm running the latest acme2certifier and noticed DNS validation doesn't work and prompts "orderNotReady".

When checking the DNS queries sent by the acme2certifier host, I noticed the record types are A or AAAA.
however, acme2certifier should query TXT.

I tried using both, dns_server_list in config and system DNS server.

My system is running as docker container.
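The three DNS-related issues on this page (the missing "wildcard" field, TXT lookups at _acme-challenge.*.example.com, and the A/AAAA instead of TXT queries) all come down to the same two rules. As an added example that is not acme2certifier's code, the block below shapes the authorization object for a wildcard identifier and derives the TXT owner name and value a dns-01 validator has to query; RFC 8555 sections 7.1.3, 7.1.4 and 8.4 are the source for the rules. Function names, challenge URLs and tokens are assumptions, and the sample account key is the one printed in the key-rollover debug log further down this page.

```python
import base64
import hashlib
import json

# Added example, not acme2certifier code.  Function names, challenge URLs
# and tokens are assumptions made for the demonstration.


def _b64url(data):
    """base64url without padding, as used throughout RFC 8555."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk):
    """RFC 7638 thumbprint: SHA-256 over the required members only,
    lexicographically ordered, without whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True,
                           separators=(",", ":"))
    return _b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def build_authorization(identifier_value, expires, challenges):
    """Shape the authorization object for one dns identifier.

    RFC 8555 section 7.1.3: for a wildcard identifier the authorization's
    identifier value MUST NOT carry the "*." prefix and the "wildcard" field
    MUST be present and true.  Section 7.1.4: for any other identifier the
    "wildcard" field MUST be absent (not false).  `challenges` is a list of
    (type, url, token) tuples; only dns-01 is offered for wildcard names,
    following common CA practice, since http-01 cannot prove control of "*".
    """
    value = identifier_value.lower()
    wildcard = value.startswith("*.")
    if wildcard:
        value = value[2:]
    if "*" in value:
        raise ValueError("wildcard is only allowed as the complete leftmost label")
    offered = [c for c in challenges if c[0] == "dns-01"] if wildcard else challenges
    authz = {
        "status": "pending",
        "expires": expires,
        "identifier": {"type": "dns", "value": value},
        "challenges": [{"type": t, "url": u, "token": tok, "status": "pending"}
                       for (t, u, tok) in offered],
    }
    if wildcard:
        authz["wildcard"] = True
    return authz


def dns01_record(authz, token, account_jwk):
    """Return (owner name, expected TXT value) the validator must look up.

    RFC 8555 section 8.4: the record is a TXT record at
    _acme-challenge.<identifier>.  Because the authorization identifier
    already lacks the "*.", a wildcard order is checked at
    _acme-challenge.example.com, never at _acme-challenge.*.example.com.
    The value is base64url(SHA-256(token "." base64url(thumbprint(accountKey)))).
    """
    name = "_acme-challenge." + authz["identifier"]["value"]
    key_authorization = token + "." + jwk_thumbprint(account_jwk)
    value = _b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    return name, value


# Constructed sample: the EC account key from the key-rollover debug log on this page.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "d6x9rBDj91g7CZIPB3T8xKqL3u1P2Fj_kJShvCAfuzE",
              "y": "6QnBwKWfIGK2CLZSUT6E4jNRRIjKFdo45K-fOAjXtl0"}
SAMPLE_CHALLENGES = [("http-01", "https://acme.example/acme/chall/h1", "tok1"),
                     ("dns-01", "https://acme.example/acme/chall/d1", "tok1")]

if __name__ == "__main__":
    for ident in ("*.example.com", "www.example.com"):
        authz = build_authorization(ident, "2021-05-13T12:17:40Z", SAMPLE_CHALLENGES)
        print(ident, "->", json.dumps(authz))
        print("  TXT", dns01_record(authz, "tok1", SAMPLE_JWK))
```

The thumbprint is computed over the required JWK members only; an extra "alg" member stored alongside the key, as in the jwk_load() output on this page, must not change it, otherwise the server and the client compute different TXT values.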

Account Key Rollover: Nonce validation for inner payload

First of all, really nice project! But sadly I stumbled upon a little problem with the key rollover functionality...
Is this a bug or am I misinterpreting the RFC?

According to RFC 8555 (https://tools.ietf.org/html/rfc8555#section-7.3.5) spec the inner JWS should not contain nonce header.

o The inner JWS MUST omit the "nonce" header parameter.

When using master, the key rollover process fails with a "urn:ietf:params:acme:error:badNonce" error message in the Account._key_change function, and this is because it tries to validate the nonce from the inner JWS headers but it does not exist.

  1. Debug log of the key rollover process:

Directory._config_load()
load_config(./acme/acme_srv.cfg:Directory)
CAhandler._config_load() ended
127.0.0.1 /directory
Directory.directory_get()
[pid: 3687|app: 0|req: 7/7] 127.0.0.1 () {26 vars in 365 bytes} [Thu Jul 23 10:03:42 2020] GET /directory => generated 592 bytes in 3 msecs (HTTP/1.1 200) 1 headers in 51 bytes (1 switches on core 0)
Nonce.nonce_generate_and_add()
Nonce.nonce__new()
got nonce: 4390a4cbd579469aaa16488ed196d625
DBStore.nonce_add(4390a4cbd579469aaa16488ed196d625)
DBStore.nonce_add() ended
Nonce.generate_and_add() ended with:4390a4cbd579469aaa16488ed196d625
[pid: 3687|app: 0|req: 8/8] 127.0.0.1 () {24 vars in 346 bytes} [Thu Jul 23 10:03:42 2020] HEAD /acme/newnonce => generated 0 bytes in 6 msecs (HTTP/1.1 200) 2 headers in 93 bytes (0 switches on core 0)
_config_load()
_config_load()
Account.parse()
Message.check()
decode_message()
Nonce.check_nonce()
Nonce.nonce._check_and_delete(4390a4cbd579469aaa16488ed196d625)
DBStore.nonce_check(4390a4cbd579469aaa16488ed196d625)
DBStore.nonce_check() ended
DBStore.nonce_delete(4390a4cbd579469aaa16488ed196d625)
DBStore.nonce_delete() ended
Nonce._check_and_delete() ended with:200
Nonce.check_nonce() ended with:200
Message._name_get()
kid: http://localhost:8888/acme/acct/QnH7J78o8Pkj
Message._name_get() returns: QnH7J78o8Pkj
Signature.check(QnH7J78o8Pkj)
check signature against account key
Signature._jwk_load(QnH7J78o8Pkj)
DBStore.jwk_load(QnH7J78o8Pkj)
DBStore._account_search(column:name, pattern:QnH7J78o8Pkj)
DBStore._account_search() ended with: True
DBStore.jwk_load() ended with: {u'y': u'6QnBwKWfIGK2CLZSUT6E4jNRRIjKFdo45K-fOAjXtl0', u'x': u'd6x9rBDj91g7CZIPB3T8xKqL3u1P2Fj_kJShvCAfuzE', u'crv': u'P-256', u'kty': u'EC', 'alg': u'ES256'}
signature_check()
Signature.check() ended with: True:None
Message.check() ended with:200
Account._key_change(QnH7J78o8Pkj)
Message.check()
decode_message()
Nonce.check_nonce()
Nonce.check_nonce() ended with:400
Message.check() ended with:400
Message.prepare_response()
Error.enrich_error()
Error.acme_errormessage(urn:ietf:params:acme:error:badNonce)
Account.account_parse() returns: {"header": {}, "code": 400, "data": {"status": 400, "message": "urn:ietf:params:acme:error:badNonce", "detail": "JWS has invalid anti-replay nonce: NONE"}}
[pid: 3687|app: 0|req: 9/9] 127.0.0.1 () {30 vars in 437 bytes} [Thu Jul 23 10:03:42 2020] POST /acme/key-change => generated 118 bytes in 21 msecs (HTTP/1.1 400) 1 headers in 60 bytes (1 switches on core 0)

  2. Request

{
"payload": "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",
"protected": "eyJhbGciOiJFUzI1NiIsImtpZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC9hY21lL2FjY3QvN0pGTzJ0ZHlFU0tqIiwibm9uY2UiOiI2MGIxOTIxNTY3MGU0YzI3YjIyMjAyNTYyNWFiY2ZjOCIsInVybCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC9hY21lL2tleS1jaGFuZ2UifQ",
"signature": "CbJsmjU4eK6PojorSzJ8_mcauT93xbcpOxOlEvPKCGPkwsnpQoXZdFyCaPaKWGh1G6yuZiswwPIy1JFK1clCXQ"
}

  3. Decoded request

{
"protected": base64url({
"alg": "ES256",
"kid": "http://localhost:8888/acme/acct/7JFO2tdyESKj",
"nonce": "60b19215670e4c27b222025625abcfc8",
"url": "http://localhost:8888/acme/key-change"
}),
"payload": base64url({
"protected": base64url({
"alg": "ES256",
"jwk": {
"kty": "EC",
"crv": "P-256",
"x": "LdHOqkWlJA7HuL4u67LLZAXW8O4KvSA_77FbxYNBcQA",
"y": "RfR2lvE5nrMo_16HzqBe-gi7_ib-vuWu4xhCDcdwCK4"
},
"url": "http://localhost:8888/acme/key-change"
}),
"payload": base64url({
"account": "http://localhost:8888/acme/acct/7JFO2tdyESKj",
"oldKey": {
"kty": "EC",
"crv": "P-256",
"alg": "ES256",
"x": "ca3wS-kzw2anDXnbevK1ZQoa25kFA0ixA2DH3KYlMm4",
"y": "2eo2aqB8JpAo7_HX6QV9m0BgttO6iIKWS9b9sW0iOGc"
}
}),
"signature": "4jkg_NARjXKOSz_TQMO6fSyAkOuJCJVhbOPzLdQwZnYGkIF1HVOtUknnK80e6Y6wNN3Lzbs_8egJ2EygAUHGwg"
}),
"signature": "CbJsmjU4eK6PojorSzJ8_mcauT93xbcpOxOlEvPKCGPkwsnpQoXZdFyCaPaKWGh1G6yuZiswwPIy1JFK1clCXQ"
}

I solved the problem by creating my own message.check function for the key rollover process, which does not contain the nonce check (maybe not the most elegant solution).

def check_key_change_payload(self, content, use_emb_key=False):
    """ validate message """
    self.logger.debug('Message.check()')

    # disable signature check if parameter has been set
    if self.disable_dic['signature_check_disable']:
        print('**** SIGNATURE_CHECK_DISABLE!!! Security issue ****')
        skip_signature_check = True
    else:
        skip_signature_check = False

    # decode message
    (result, error_detail, protected, payload, _signature) = decode_message(self.logger, content)
    account_name = None
    if result:
        # nonce check is not needed because it must not exist in key change payload's headers
        code = 200
        message = None
        detail = None
        if not skip_signature_check:
            # message decoded - check signature
            account_name = self._name_get(protected)
            signature = Signature(self.debug, self.server_name, self.logger)
            # we need the decoded protected header to grab a key to verify signature
            (sig_check, error, error_detail) = signature.check(account_name, content, use_emb_key, protected)
            if not sig_check:
                code = 403
                message = error
                detail = error_detail
    else:
        # message could not get decoded
        code = 400
        message = 'urn:ietf:params:acme:error:malformed'
        detail = error_detail

    self.logger.debug('Message.check() ended with:{0}'.format(code))
    return (code, message, detail, protected, payload, account_name)
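For comparison with the workaround above, here is an added example (not acme2certifier code and not the poster's) of the full set of server-side checks RFC 8555 section 7.3.5 prescribes for a key-change request, applied to the decoded request from this issue. The outer JWS is assumed to have passed the usual message check (nonce, signature with the current account key) already; signature verification of the inner JWS is delegated to a callback so the block runs without a crypto library. Function and parameter names are assumptions.

```python
import base64
import json

# Added example, not acme2certifier code.  Server-side checks for an
# RFC 8555 section 7.3.5 key-change request.  verify_signature(jws_dict, jwk)
# -> bool is supplied by the caller; function and parameter names are assumptions.

MALFORMED = "urn:ietf:params:acme:error:malformed"
KEY_MEMBERS = {"EC": ("kty", "crv", "x", "y"), "RSA": ("kty", "n", "e")}


def _b64url_decode(text):
    raw = text.encode("ascii")
    return base64.urlsafe_b64decode(raw + b"=" * (-len(raw) % 4))


def _b64url_json(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def key_id(jwk):
    """Hashable identity of a public key built from its required JWK members
    only, so an optional "alg" member (present on the stored key in the debug
    log above) does not make equal keys compare unequal."""
    if not isinstance(jwk, dict) or jwk.get("kty") not in KEY_MEMBERS:
        return None
    try:
        return tuple((m, jwk[m]) for m in KEY_MEMBERS[jwk["kty"]])
    except KeyError:
        return None


def validate_key_change(outer_protected, inner_jws, account_url, account_jwk,
                        registered_keys, verify_signature):
    """Return (http_status, error_type, detail); (200, None, None) on success.

    All failures are "malformed", except a new key that already belongs to
    an account, which RFC 8555 makes a 409 Conflict.
    """
    try:
        inner_protected = json.loads(_b64url_decode(inner_jws["protected"]))
        inner_payload = json.loads(_b64url_decode(inner_jws["payload"]))
    except (KeyError, TypeError, ValueError, AttributeError):
        return 400, MALFORMED, "payload is not a well-formed inner JWS"
    # The client MUST omit "nonce" on the inner JWS; replay protection comes
    # from the outer one, so no nonce lookup is run here.
    if "nonce" in inner_protected:
        return 400, MALFORMED, "inner JWS must not carry a nonce"
    new_key = inner_protected.get("jwk")
    if key_id(new_key) is None:
        return 400, MALFORMED, "inner JWS protected header needs a jwk"
    if inner_protected.get("url") != outer_protected.get("url"):
        return 400, MALFORMED, "url of inner and outer JWS differ"
    if not verify_signature(inner_jws, new_key):
        return 400, MALFORMED, "inner JWS does not verify with the new key"
    if outer_protected.get("kid") != account_url or inner_payload.get("account") != account_url:
        return 400, MALFORMED, "account does not match the requesting account"
    if key_id(inner_payload.get("oldKey")) != key_id(account_jwk):
        return 400, MALFORMED, "oldKey is not the current account key"
    if key_id(new_key) in registered_keys:
        return 409, MALFORMED, "new key is already bound to an account"
    return 200, None, None


# Constructed from the decoded request in the issue above; the signature
# fields are placeholders, which is why verification is injected.
ACCOUNT_URL = "http://localhost:8888/acme/acct/7JFO2tdyESKj"
KEY_CHANGE_URL = "http://localhost:8888/acme/key-change"
OLD_KEY = {"kty": "EC", "crv": "P-256", "alg": "ES256",
           "x": "ca3wS-kzw2anDXnbevK1ZQoa25kFA0ixA2DH3KYlMm4",
           "y": "2eo2aqB8JpAo7_HX6QV9m0BgttO6iIKWS9b9sW0iOGc"}
NEW_KEY = {"kty": "EC", "crv": "P-256",
           "x": "LdHOqkWlJA7HuL4u67LLZAXW8O4KvSA_77FbxYNBcQA",
           "y": "RfR2lvE5nrMo_16HzqBe-gi7_ib-vuWu4xhCDcdwCK4"}


def sample_request(extra_inner_header=None):
    inner_protected = {"alg": "ES256", "jwk": NEW_KEY, "url": KEY_CHANGE_URL}
    inner_protected.update(extra_inner_header or {})
    inner = {"protected": _b64url_json(inner_protected),
             "payload": _b64url_json({"account": ACCOUNT_URL, "oldKey": OLD_KEY}),
             "signature": "placeholder"}
    outer_protected = {"alg": "ES256", "kid": ACCOUNT_URL,
                       "nonce": "60b19215670e4c27b222025625abcfc8", "url": KEY_CHANGE_URL}
    return outer_protected, inner


if __name__ == "__main__":
    outer, inner = sample_request()
    print(validate_key_change(outer, inner, ACCOUNT_URL, OLD_KEY,
                              {key_id(OLD_KEY)}, lambda jws, jwk: True))
```

In production the callback is the real ES256/RS256 verification of the inner JWS with the key taken from its own "jwk" header, and a 409 response must also carry a Location header pointing at the account that already owns the new key.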

2 is not a valid CSR version

I'm trying to set up a local ACME server with the mswcce ca_handler and I'm getting an error that I do not know how to debug.

The message is: ca_server.get_cert() failed with error: 2 is not a valid CSR version

I get this error with both master and with version 0.22.

The CSR is created by certbot. When looking at the CSR created by certbot, it says version 3 (0x2).
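An added example, not acme2certifier code and not the mswcce handler's parser: RFC 2986 defines a single version value for CertificationRequestInfo, v1 = 0, so a CSR whose version INTEGER is 2 (which openssl displays one-based as "3 (0x2)") is malformed, and rejecting it with a clear message before it reaches the CA backend turns an opaque backend error into one the operator can act on. Only the three leading DER TLVs are decoded; the skeleton CSR at the end is constructed for the demonstration and is not a signable request.

```python
import base64

# Added example, not acme2certifier code.  Reads the version INTEGER of a CSR
# with a minimal DER walk; function names are assumptions.


def _read_tlv(data, offset=0):
    """Decode one DER TLV at `offset`: returns (tag, value_bytes, next_offset)."""
    tag = data[offset]
    length = data[offset + 1]
    offset += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(data[offset:offset + n], "big")
        offset += n
    if offset + length > len(data):
        raise ValueError("truncated DER")
    return tag, data[offset:offset + length], offset + length


def pem_to_der(text):
    body = "".join(line.strip() for line in text.splitlines()
                   if line.strip() and not line.startswith("-----"))
    return base64.b64decode(body)


def csr_version(der):
    """CertificationRequest ::= SEQUENCE { certificationRequestInfo SEQUENCE {
    version INTEGER, ... }, ... }  (RFC 2986); return the version integer."""
    tag, request, _ = _read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a CertificationRequest SEQUENCE")
    tag, info, _ = _read_tlv(request)
    if tag != 0x30:
        raise ValueError("not a CertificationRequestInfo SEQUENCE")
    tag, version, _ = _read_tlv(info)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    return int.from_bytes(version, "big", signed=True)


def csr_version_ok(der):
    """True only for v1 (0), the single version RFC 2986 allows."""
    return csr_version(der) == 0


def _der(tag, content):
    """Encode one TLV, using the long length form when needed."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def skeleton_csr(version):
    """Constructed sample: version plus an empty subject, nothing else."""
    info = _der(0x30, _der(0x02, bytes([version])) + _der(0x30, b""))
    return _der(0x30, info)


if __name__ == "__main__":
    for v in (0, 2):
        print("version", v, "acceptable:", csr_version_ok(skeleton_csr(v)))
```

Running this check in the CA handler before enroll() means a client that produces version 2 is answered with a badCSR problem naming the field instead of a backend exception.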

Revoke certificate from acme2certifier not from client

Given that a system with a certificate provisioned via acme2certifier can be compromised, and consequently there is no possibility to start the revocation process from the acme_client side, is there any way to start the revocation process for a specific certificate from the acme2certifier server side, without involving the acme_client?

[improvement request] DB clean-up

acme_srv.db, regardless of wsgi or django, can grow over time and contain a lot of obsolete data.
Following are suggestions to keep the db leaner:

  • in table "certificates" add field of cert expiration time -> this can be used to run periodically clean-up rules
  • using "expires" in table "authorization" and clean up authorizations:
    DELETE FROM authorization WHERE expires < CURRENT_TIMESTAMP
  • using configuration (acme_srv.cfg) to define account expiration
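An added example, not acme2certifier code: the clean-up rules from the list above run against an in-memory SQLite schema that only imitates the tables named there. The table and column names are assumptions (not the project's schema), and the clock is passed in as an argument so the rules are testable.

```python
import sqlite3

# Added example, not acme2certifier code.  The schema imitates the tables the
# post names; its table and column names are assumptions.  Timestamps are
# Unix seconds and the clock is passed in.

DAY = 86400

SCHEMA = """
CREATE TABLE acme_authorization (id INTEGER PRIMARY KEY, name TEXT NOT NULL,
                                 status TEXT NOT NULL, expires INTEGER NOT NULL);
CREATE TABLE acme_certificate   (id INTEGER PRIMARY KEY, name TEXT NOT NULL,
                                 account TEXT NOT NULL, expire_uts INTEGER);
CREATE TABLE acme_account       (id INTEGER PRIMARY KEY, name TEXT NOT NULL,
                                 last_seen INTEGER NOT NULL);
CREATE TABLE acme_nonce         (id INTEGER PRIMARY KEY, nonce TEXT NOT NULL,
                                 created_at INTEGER NOT NULL);
"""


def cleanup(conn, now, account_idle_days=365, nonce_max_age=DAY):
    """Remove rows that can no longer take part in any ACME exchange and
    return the number of rows deleted per table.

    Certificates are kept until they have expired (expire_uts is NULL while
    an order is still processing, and such rows are never touched), so a
    revocation request for a live certificate keeps working.  Accounts are
    reaped only when idle and when no certificate row refers to them any
    more.  Every predicate is parameterised; nothing is formatted into SQL.
    """
    cur = conn.cursor()
    removed = {}
    cur.execute("DELETE FROM acme_authorization WHERE expires < ?", (now,))
    removed["acme_authorization"] = cur.rowcount
    cur.execute("DELETE FROM acme_certificate "
                "WHERE expire_uts IS NOT NULL AND expire_uts < ?", (now,))
    removed["acme_certificate"] = cur.rowcount
    cur.execute("DELETE FROM acme_nonce WHERE created_at < ?", (now - nonce_max_age,))
    removed["acme_nonce"] = cur.rowcount
    cur.execute("DELETE FROM acme_account WHERE last_seen < ? "
                "AND name NOT IN (SELECT account FROM acme_certificate)",
                (now - account_idle_days * DAY,))
    removed["acme_account"] = cur.rowcount
    conn.commit()
    return removed


def demo_db(now):
    """Constructed sample data: stale and live rows of each kind."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO acme_authorization (name, status, expires) VALUES (?, ?, ?)",
                     [("authz-stale", "valid", now - DAY), ("authz-live", "pending", now + DAY)])
    conn.executemany("INSERT INTO acme_certificate (name, account, expire_uts) VALUES (?, ?, ?)",
                     [("cert-expired", "acct-a", now - DAY),
                      ("cert-live", "acct-b", now + 30 * DAY),
                      ("cert-processing", "acct-a", None)])
    conn.executemany("INSERT INTO acme_account (name, last_seen) VALUES (?, ?)",
                     [("acct-a", now - 400 * DAY), ("acct-b", now - 400 * DAY),
                      ("acct-c", now - 400 * DAY), ("acct-d", now)])
    conn.executemany("INSERT INTO acme_nonce (nonce, created_at) VALUES (?, ?)",
                     [("nonce-stale", now - 2 * DAY), ("nonce-fresh", now)])
    conn.commit()
    return conn


if __name__ == "__main__":
    print(cleanup(demo_db(1_700_000_000), 1_700_000_000))
```

Storing the certificate's notAfter as a column at issuance time, as the first bullet suggests, is what makes the certificate rule a plain indexed comparison instead of a parse of every stored PEM on each run.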

no CN is being set

It appears that certificates are missing a common name under certain conditions. I can not really spot a pattern, but most of my certificates miss one. The acme client I used was certbot, the validation method http challenge and the backend openssl. I guess I can create and share some logs, if needed.

account registration fails for domains with "-" (i.e. [email protected])

When trying to register email/account with domain including "-", registration fails.

Registration command:
acme.sh --server http://acme-srv --register-account --accountemail "[email protected]" --debug 2 --output-insecure
[Mon Jun 29 18:33:25 UTC 2020] code='400'
[Mon Jun 29 18:33:25 UTC 2020] original='{"status": 400, "message": "urn:ietf:params:acme:error:invalidContact", "detail": "The provided contact URI was invalid: mailto:[email protected]"}'
[Mon Jun 29 18:33:25 UTC 2020] response='{"status": 400, "message":"urn:ietf:params:acme:error:invalidContact", "detail":"The provided contact URI was invalid: mailto:[email protected]"}'
[Mon Jun 29 18:33:25 UTC 2020] Register account Error: {"status": 400, "message":"urn:ietf:params:acme:error:invalidContact", "detail":"The provided contact URI was invalid: mailto:[email protected]"}

acme2certifier output:
acme-srv_1 | [Mon Jun 29 20:33:25.579465 2020] [wsgi:error] [pid 15:tid 139714361964288] [remote 192.168.0.4:39014] Signature.check() ended with: True:None
acme-srv_1 | [Mon Jun 29 20:33:25.579547 2020] [wsgi:error] [pid 15:tid 139714361964288] [remote 192.168.0.4:39014] Message.check() ended with:200
acme-srv_1 | [Mon Jun 29 20:33:25.579598 2020] [wsgi:error] [pid 15:tid 139714361964288] [remote 192.168.0.4:39014] Account._contact_check()
acme-srv_1 | [Mon Jun 29 20:33:25.579664 2020] [wsgi:error] [pid 15:tid 139714361964288] [remote 192.168.0.4:39014] validate_email()
acme-srv_1 | [Mon Jun 29 20:33:25.580070 2020] [wsgi:error] [pid 15:tid 139714361964288] [remote 192.168.0.4:39014] # validate: [email protected] result: False
acme-srv_1 | [Mon Jun 29 20:33:25.580121 2020] [wsgi:error] [pid 15:tid 139714361964288] [remote 192.168.0.4:39014] Account._contact_check() ended with:400
acme-srv_1 | [Mon Jun 29 20:33:25.580186 2020] [wsgi:error] [pid 15:tid 139714361964288] [remote 192.168.0.4:39014] Message.prepare_response()
acme-srv_1 | [Mon Jun 29 20:33:25.580246 2020] [wsgi:error] [pid 15:tid 139714361964288] [remote 192.168.0.4:39014] Error.enrich_error()
acme-srv_1 | [Mon Jun 29 20:33:25.580317 2020] [wsgi:error] [pid 15:tid 139714361964288] [remote 192.168.0.4:39014] Error.acme_errormessage(urn:ietf:params:acme:error:invalidContact)
acme-srv_1 | [Mon Jun 29 20:33:25.580404 2020] [wsgi:error] [pid 15:tid 139714361964288] [remote 192.168.0.4:39014] Account.account_new() returns: {"code": 400, "header": {}, "data": {"status": 400, "message": "urn:ietf:params:acme:error:invalidContact", "detail": "The provided contact URI was invalid: mailto:[email protected]"}}
acme-srv_1 | [Mon Jun 29 20:33:25.580522 2020] [wsgi:error] [pid 15:tid 139714361964288] [remote 192.168.0.4:39014] 192.168.0.4 /acme/newaccount {'code': 400, 'header': {}, 'data': {'status': 400, 'message': 'urn:ietf:params:acme:error:invalidContact', 'detail': 'The provided contact URI was invalid: mailto:[email protected]'}}
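An added example, not the project's validate_email() helper shown in the log above: a contact check that accepts hyphens inside domain labels while still rejecting them at a label's edges, and that returns the two RFC 8555 error types defined for contacts. Accepting only the mailto: scheme is an assumption (RFC 8555 leaves the supported schemes to the server); the sample addresses are constructed because the ones in this issue are redacted on this page.

```python
import re

# Added example, not acme2certifier code.  Validates the "contact" array of a
# newAccount request; function names and the mailto-only policy are assumptions.

# Dot-atom local part per RFC 5322: runs of atext separated by single dots.
ATEXT_RE = re.compile(r"^[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+)*$")
# One DNS label: hyphens allowed inside, not at either end.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
UNSUPPORTED = "urn:ietf:params:acme:error:unsupportedContact"
INVALID = "urn:ietf:params:acme:error:invalidContact"


def email_is_valid(address):
    """Dot-atom local part at a hostname with at least two labels."""
    if address.count("@") != 1:
        return False
    local, domain = address.split("@")
    if len(local) > 64 or not ATEXT_RE.match(local):
        return False
    labels = domain.lower().split(".")
    return len(labels) >= 2 and all(LABEL_RE.match(label) for label in labels)


def contact_check(contacts):
    """Return (http_status, error_type, detail) for a contact list.

    RFC 8555 section 7.3: an unsupported URI scheme is unsupportedContact; a
    mailto: URI with hfields ("?subject=...") or several addresses is
    invalidContact.  A syntactically bad address is reported the same way,
    with the same detail string the server log above shows.
    """
    for uri in contacts:
        if not uri.startswith("mailto:"):
            return 400, UNSUPPORTED, "only mailto: contacts are supported: " + uri
        address = uri[len("mailto:"):]
        if "?" in address or "," in address or not email_is_valid(address):
            return 400, INVALID, "The provided contact URI was invalid: " + uri
    return 200, None, None


if __name__ == "__main__":
    # Constructed samples: hyphen inside a label, hyphen at a label edge,
    # two addresses in one mailto, and a non-mailto scheme.
    for contact in (["mailto:ops@my-company.example"],
                    ["mailto:ops@-my-company.example"],
                    ["mailto:a@example.org,b@example.org"],
                    ["tel:+15555551212"]):
        print(contact, contact_check(contact))
```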

Suggestion: remove data from acme/acme_srv.db.my

I have opened the file called "acme/acme_srv.db" and it contains some data. I don't think it's of any importance, but I would suggest making this file empty, leaving only the structure but not the data.

unsupported certificate purpose

I have now successfully got an SSL certificate via this acme server with the openssl backend using Let's Encrypt's certbot via
certbot --nginx --server http://acme.example.com/directory
However, the certificate seems to be invalid somehow:
openssl s_client -host acme-client.example.com -port 443 -showcerts </dev/null gives me:

depth=0 
verify error:num=26:unsupported certificate purpose
verify return:1
depth=2 DC = net, DC = eckner, O = Eckner Net, OU = Eckner Net CA, CN = Eckner Net Root CA
verify return:1
depth=1 DC = net, DC = eckner, O = Eckner Net, OU = Eckner Net CA, CN = Eckner Net Intermediate CA
verify return:1
depth=0 
verify return:1
---
Certificate chain
 0 s:
   i:DC = net, DC = eckner, O = Eckner Net, OU = Eckner Net CA, CN = Eckner Net Intermediate CA
-----BEGIN CERTIFICATE-----
MIIEXTCCAkUCEAFKHb4hg0ycslZj/jng5lQwDQYJKoZIhvcNAQELBQAwfzETMBEG
CgmSJomT8ixkARkWA25ldDEWMBQGCgmSJomT8ixkARkWBmVja25lcjETMBEGA1UE
CgwKRWNrbmVyIE5ldDEWMBQGA1UECwwNRWNrbmVyIE5ldCBDQTEjMCEGA1UEAwwa
RWNrbmVyIE5ldCBJbnRlcm1lZGlhdGUgQ0EwHhcNMjAwNTI0MTM1NDUyWhcNMjAw
NjIzMTM1NDUyWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3td/
+ACtjneCbeyxI9rVaCkO6dZnD17/3ue5CNkMTq/2S7libxI3RhqK8h2V3i/O+mhu
lqPZeXpJmcYOqNZaNQmQEpsVuyzMsGi6lxTkh9gUFXzLKdpxsipTvg2DcG8X9kbc
RjoT0qUOeTc8AYIEUawSqUXnk0OO4vbQ5iVRHTBM93osIIV7+x0luuGLHZwlwCPp
gcsOLs0vPtjAhkFwj9loVhWifjHkLS2nprejGQEGLHEC4EzuM8K91eVsat3f1q8h
p1/4Ztp0lYa76RdKq82SZRtmInbQFmX+N0/QZyVOsqnZ0A/3ZzG60ABmybnUXVZI
74IyF0Sd7OpmgWEzJQIDAQABo1kwVzAfBgNVHREEGDAWghRycGkzLmRkbnMuZWNr
bmVyLm5ldDAfBgNVHSMEGDAWgBTenbYMOz53jiJSftOn4m/hHfVokzATBgNVHSUE
DDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAgEADnlHVkrt8m0m5+klJzks
JtebiTVK9IvkMqH0MdYW9FZwPM/0HXEghPiNvJU3K8CdWehoZqCpyQPvVP7VRqBa
8yfrezajtww0wrs3DO7LLHJvaAm7rYRD6BH7zSV1qJ3DwS1a/dYJFREK91EQ1+bj
RzCfCGLQonZPv9CqwS6fr9vSU+qRaihvgEuSczPKmoTjtkdioP4y5tqxgwQXyWn7
xn1YzQbXn7kLfuy02T4UYOO1VJ81T37EskwiyoC7Ie9/fCABm40JJEPx63FXQCuG
AbXjcBjpG9rqxlGtCpSVD7KI87QoLiA4mDA8ZFeyOnhUEqD88cJecTtSoqQyrNWN
YEL940Vvw5AF9jK0F9gg2knbIXSvZAD6AW5vKXgNNewO08Ne6RKWoWrXNdPJlkek
5Wdlb5Hfza1+mox2A34elQXeWuo3f9G08Xg8/Dv3BBvsUptAEneRFaYJDVYtCX6Q
5Ym6UAWWQ56lFTGugEpMkKoUep9x9EAeI6B4BFC6woJyi52FsuFSr30zrOFRJDg6
OrQ3+JTjX2ndTOVGFsuOgdni05nYWkTBAEbCmWZWXMhWLyraGLS5xrkvYtdi+8pj
7WVALW7UGnSFz7ohmVzluTprtAxLh6FT0D9OiYZdtxbmE12hUGZ3Shgu2TlojQpP
xdfBu8E5AyPF/IC+PvXNSro=
-----END CERTIFICATE-----
 1 s:DC = net, DC = eckner, O = Eckner Net, OU = Eckner Net CA, CN = Eckner Net Intermediate CA
   i:DC = net, DC = eckner, O = Eckner Net, OU = Eckner Net CA, CN = Eckner Net Root CA
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
 2 s:DC = net, DC = eckner, O = Eckner Net, OU = Eckner Net CA, CN = Eckner Net Root CA
   i:DC = net, DC = eckner, O = Eckner Net, OU = Eckner Net CA, CN = Eckner Net Root CA
---
Server certificate
subject=

issuer=DC = net, DC = eckner, O = Eckner Net, OU = Eckner Net CA, CN = Eckner Net Intermediate CA

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4678 bytes and written 402 bytes
Verification error: unsupported certificate purpose
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 26 (unsupported certificate purpose)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 91735363ADAC34B8A82D5FF15CDB85E4D6E4C40FA29904F172AD9EF4DB66F621
    Session-ID-ctx: 
    Resumption PSK: 0F27880235B5DD24DEA6B728048DE73DB6C7692555DEEEEBE787202E62CCFE8E83F1136AAEB2C0F75AE091E0001B3021
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 93 5f c8 8f 51 ce 22 85-03 b3 48 6c d4 1e 09 06   ._..Q."...Hl....
    0010 - b6 1f f1 3e 73 28 3a 7d-61 9c 8d 05 b9 fb 10 c1   ...>s(:}a.......

    Start Time: 1590328844
    Timeout   : 7200 (sec)
    Verify return code: 26 (unsupported certificate purpose)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 1062A132454C0749DE1129934812B8815AC5547F297CAA0298F22F1F690E76CE
    Session-ID-ctx: 
    Resumption PSK: 63995E4038765037678250A71E112C4EB0BE95304CFBF0FCFD2356EDAF7840BC6DA39FFCDF121DE59221F6249D88FA94
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 45 63 5e 9e 19 5e 8b 0f-7a d7 17 58 26 0f 73 cb   Ec^..^..z..X&.s.
    0010 - 7e 62 c4 cd 30 64 64 fb-fd 7c 87 1e bf aa 2a 83   ~b..0dd..|....*.

    Start Time: 1590328844
    Timeout   : 7200 (sec)
    Verify return code: 26 (unsupported certificate purpose)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
DONE

This is the keychain as provided by certbot:

Should I have passed something to certbot in order to request a special purpose? Or is it some default that's missing?

Regards,
deep-42-thought

2x key-usage field

I'm using version "handler_env" with the xca handler, as I wanted to test #60, and I noticed that issued certs have 2x key-usage set:

Problem happens w/ and w/o xca template.

Suggestion : adding External Account Binding

Hi,
Thank you for sharing your project; it is really nice. I'm using it to secure communication between ACME clients and Microsoft services, and it's running smoothly.

I wanted to make a suggestion: adding the possibility of creating an external account binding (according to RFC 8555, Section 7.3.4).
This could be very helpful to manage the different ACME accounts more easily and also to avoid unwanted ACME requests being processed.

missing status change when validation failed

I've tested acme2certifier with an incorrect DNS host entry.
The DNS server replied NXDOMAIN, but the status is not changed to invalid.

Also, the client does not learn about the state change and keeps retrying the request.

error using certbot/certmanager

I successfully managed to get my certificate using acme.sh:
acme.sh --server http://myserver --register-account --accountemail [email protected]
acme.sh --server http://myserver --issue -d acme-1.example.com -d example.com --standalone

But when I try using certbot or certmanager:
certbot --apache --server http://lmyserver -d example.com

I got the following error:
Error: [('asn1 encoding routines', 'ASN1_CHECK_TLEN', 'wrong tag'), ('asn1 encoding routines', 'ASN1_ITEM_EX_D2I', 'nested asn1 error'), ('asn1 encoding routines', 'ASN1_TEMPLATE_NOEXP_D2I', 'nested asn1 error'), ('PEM routines', 'PEM_ASN1_read_bio', 'ASN1 lib')]

For information, I'm using: acme2certifier and mscertsrv_ca_handler

[xca_handler] error handling

several errors result in Traceback (most recent call last):

  • "issuing_ca_name" incorrect
  • "passphrase" incorrect
  • "ca_cert_chain_list" contains non-existing reference

get_chain() fails. Does a2c assume that MS ADCS CEWS is running on the same server as the CA?

I have ADCS Certificate Enrollment Web Service (CEWS) running on a separate server from my actual ADCS CA. After my Linux client successfully completes the ACME challenge and calls finalize, acme2certifier produces this sequence of errors:

ca_server.get_chain() failed with error: 'NoneType' object has no attribute 'group'
ca_server.get_cert() failed with error: An unknown error occured
cert bundling failed
acme2certifier enrollment error: cert bundling failed

I read the code and found this line:

url = "https://{0}/certsrv/certcarc.asp".format(self.server)

When I attempt to view the corresponding URL on my CEWS server using a browser, I get a nicely-formatted ADCS error page, stating

An unexpected error has occurred: The Certification Authority Service has not been started.

In fact, the Certification Authority service is not even installed on this server because it is not the CA.

So my question is,
Does acme2certifier require/assume that CEWS is running on the same server as the CA?

Thanks very much.
Chris Ursich

Remote end closed connection without response

Sometimes the verification fails: certbot claims that no data was sent in response to one of its requests:

2020-05-27 09:00:09,950:INFO:certbot._internal.auth_handler:Waiting for verification...
2020-05-27 09:00:09,952:DEBUG:acme.client:JWS payload:
b'{}'
2020-05-27 09:00:09,955:DEBUG:acme.client:Sending POST request to https://playground.acme.libre/acme/chall/zsjU9D7Q4lTU:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vcGxheWdyb3VuZC5hY21lLmxpYnJlL2FjbWUvYWNjdC9MSEdtdUtzcjJ6MWMiLCAibm9uY2UiOiAiNmY3NTEwNDRkMGQ4NGJiYmI5ZTJmN2E4MmNkNzk4NTQiLCAidXJsIjogImh0dHBzOi8vcGxheWdyb3VuZC5hY21lLmxpYnJlL2FjbWUvY2hhbGwvenNqVTlEN1E0bFRVIn0",
  "signature": "gv-drwKgVl9XVTNO4dj5CTTh-JRs8fK07p88t0FlaFMP5BgtChQz7TEOpFINhX-ZveetmQ-JM5VrqP5fMRiITXUWwDfD46QKVl-5P-Gk1z5iJeDTLzB5SiUWeZtpKWmN4hvNDuBbwjPhV2BLlZ1IcDksk6dtzj3WWLqXpjMgeFbFYwCJ5z-dbg8L5yoY20MHDJolQc4f7mV76E5dvyDe513ChR0TvTVU7wha_n8vJdWQdblBS53hPVsVTMsED6X0OdxFoCffjL3IY89ctpPiNUZmk-v2sm041YymdrJAAMR-0BKcN35XtXGCxzOxMtlneC8MqlkqHvbLkKrs85J-fw",
  "payload": "e30"
}
2020-05-27 09:00:10,894:DEBUG:urllib3.connectionpool:https://playground.acme.libre:443 "POST /acme/chall/zsjU9D7Q4lTU HTTP/1.1" 200 None
2020-05-27 09:00:10,895:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx/1.18.0
Date: Wed, 27 May 2020 07:00:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Link: <https://playground.acme.libre/acme/authz/>;rel="up"
Replay-Nonce: e7f74aac52684a249ab3d836cabdc04c

{"type": "http-01", "token": "0tnJzpVcF5zz09frQhyj1OLa954sX6xp", "status": "pending", "url": "https://playground.acme.libre/acme/chall/zsjU9D7Q4lTU"}
2020-05-27 09:00:10,896:DEBUG:acme.client:Storing nonce: e7f74aac52684a249ab3d836cabdc04c
2020-05-27 09:00:10,897:DEBUG:acme.client:JWS payload:
b'{}'
2020-05-27 09:00:10,899:DEBUG:acme.client:Sending POST request to https://playground.acme.libre/acme/chall/ctzkovquqhUx:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vcGxheWdyb3VuZC5hY21lLmxpYnJlL2FjbWUvYWNjdC9MSEdtdUtzcjJ6MWMiLCAibm9uY2UiOiAiZTdmNzRhYWM1MjY4NGEyNDlhYjNkODM2Y2FiZGMwNGMiLCAidXJsIjogImh0dHBzOi8vcGxheWdyb3VuZC5hY21lLmxpYnJlL2FjbWUvY2hhbGwvY3R6a292cXVxaFV4In0",
  "signature": "nwU3TIlZEIjEvPnnIeYwdRyFVfKbdmK-yMMXgPT1uRFSbcc4XNsoipGrHe3eYdHUsnsP0zl3jsRWJygrPH8-wowdWSFNcoad3h8a_LnqBzHepTP0y0TMvs1Ut12zeNlHqCwbXApois_7PKdYEFvv80UhR3khwxtGwr6Abqke1nxOWlKwYhCG_7In919NLRDvhjWYMeHO59RIQ7FqckDO15H6fWx64x_NQOe7HCQO1OP4ng1yCsP9o4_Kr9EnjCTbMJYYjGKSiJDyaFjqcXHRqfTlBy3Q_hqMSSQZaXcGu90F3Crwec8tNicrQHXjjqmJlFGbc5imlZa6ool6WU2qVQ",
  "payload": "e30"
}
2020-05-27 09:00:10,911:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 426, in _make_request
    six.raise_from(e, None)
  File "<string>", line 3, in raise_from
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 421, in _make_request
    httplib_response = conn.getresponse()
  File "/usr/lib/python3.8/http/client.py", line 1332, in getresponse
    response.begin()
  File "/usr/lib/python3.8/http/client.py", line 303, in begin
    version, status, reason = self._read_status()
  File "/usr/lib/python3.8/http/client.py", line 272, in _read_status
    raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 724, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 403, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/lib/python3.8/site-packages/urllib3/packages/six.py", line 734, in reraise
    raise value.with_traceback(tb)
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 426, in _make_request
    six.raise_from(e, None)
  File "<string>", line 3, in raise_from
  File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 421, in _make_request
    httplib_response = conn.getresponse()
  File "/usr/lib/python3.8/http/client.py", line 1332, in getresponse
    response.begin()
  File "/usr/lib/python3.8/http/client.py", line 303, in begin
    version, status, reason = self._read_status()
  File "/usr/lib/python3.8/http/client.py", line 272, in _read_status
    raise RemoteDisconnected("Remote end closed connection without"
urllib3.exceptions.ProtocolError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

The corresponding log of the server is:

May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: _config_load()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Order._config_load()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Order._config_load() ended.
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Order.new()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Message.check()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: decode_message()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Nonce.check_nonce()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Nonce.nonce._check_and_delete(7f0c65f0e1ee4da79dd2f962323feb5c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.nonce_check(7f0c65f0e1ee4da79dd2f962323feb5c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.nonce_check() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.nonce_delete(7f0c65f0e1ee4da79dd2f962323feb5c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.nonce_delete() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Nonce._check_and_delete() ended with:200
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Nonce.check_nonce() ended with:200
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Message._name_get()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: kid: https://playground.acme.libre/acme/acct/LHGmuKsr2z1c
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Message._name_get() returns: LHGmuKsr2z1c
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Signature.check(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: check signature against account key
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Signature._jwk_load(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.jwk_load(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._account_search(column:name, pattern:LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._account_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.jwk_load() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: signature_check()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Signature.check() ended with: True:None
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Message.check() ended with:200
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Order._add(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Order._identifiers_check([{'type': 'dns', 'value': 'pkgapi.archlinux32.oss'}, {'type': 'dns', 'value': 'git2.archlinux32.oss'}, {'type': 'dns', 'value': 'git3.archlinux32.oss'}])
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Order._identifiers_check() done with None:
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.order_add({'status': 2, 'expires': 1590649208, 'account': 'LHGmuKsr2z1c', 'name': 'jJjtYx92MvNY', 'identifiers': '[{"type": "dns", "value": "pkgapi.archlinux32.oss"}, {"type": "dns", "value": "git2.archlinux32.oss"}, {"type": "dns", "value": "git3.archlinux32.oss"}]'})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.account_lookup(column:name, pattern:LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._account_search(column:name, pattern:LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._account_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.account_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.order_add() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.authorization_add({'type': 'dns', 'value': 'pkgapi.archlinux32.oss', 'name': 'WLkp1X0iha4I', 'order': 17, 'status': 'pending'})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.authorization_add() ended with: 21
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.authorization_add({'type': 'dns', 'value': 'git2.archlinux32.oss', 'name': '68Gp1EVVOIYZ', 'order': 17, 'status': 'pending'})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.authorization_add() ended with: 22
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.authorization_add({'type': 'dns', 'value': 'git3.archlinux32.oss', 'name': 'iPiq3JRT3tiB', 'order': 17, 'status': 'pending'})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.authorization_add() ended with: 23
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Order._add() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Message.prepare_response()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Nonce.nonce_generate_and_add()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Nonce.nonce__new()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: got nonce: de3538aa637947f9abe9fb1e85a0b237
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.nonce_add(de3538aa637947f9abe9fb1e85a0b237)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: DBStore.nonce_add() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Nonce.generate_and_add() ended with:de3538aa637947f9abe9fb1e85a0b237
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: Order.new() returns: {"header": {"Location": "https://playground.acme.libre/acme/order/jJjtYx92MvNY", "Replay-Nonce": "de3538aa637947f9abe9fb1e85a0b237"}, "data": {"identifiers": [{"type": "dns", "value": "pkgapi.archlinux32.oss"}, {"type": "dns", "value": "git2.archlinux32.oss"}, {"type": "dns", "value": "git3.archlinux32.oss"}], "authorizations": ["https://playground.acme.libre/acme/authz/WLkp1X0iha4I", "https://playground.acme.libre/acme/authz/68Gp1EVVOIYZ", "https://playground.acme.libre/acme/authz/iPiq3JRT3tiB"], "status": "pending", "expires": "2020-05-28T07:00:08Z", "finalize": "https://playground.acme.libre/acme/order/jJjtYx92MvNY/finalize"}, "code": 201}
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: 2a03:4000:2a:1bc::1 /acme/neworders {'header': {'Location': 'https://playground.acme.libre/acme/order/jJjtYx92MvNY', 'Replay-Nonce': '- modified -'}, 'data': {'identifiers': [{'type': 'dns', 'value': 'pkgapi.archlinux32.oss'}, {'type': 'dns', 'value': 'git2.archlinux32.oss'}, {'type': 'dns', 'value': 'git3.archlinux32.oss'}], 'authorizations': ['https://playground.acme.libre/acme/authz/WLkp1X0iha4I', 'https://playground.acme.libre/acme/authz/68Gp1EVVOIYZ', 'https://playground.acme.libre/acme/authz/iPiq3JRT3tiB'], 'status': 'pending', 'expires': '2020-05-28T07:00:08Z', 'finalize': 'https://playground.acme.libre/acme/order/jJjtYx92MvNY/finalize'}, 'code': 201}
May 27 09:00:08 szilassi.eckner.net uwsgi[2108058]: [pid: 2108058|app: 0|req: 39/156] 2a03:4000:2a:1bc::1 () {42 vars in 665 bytes} [Wed May 27 09:00:08 2020] POST /acme/neworders => generated 494 bytes in 266 msecs (HTTP/1.1 201) 3 headers in 164 bytes (2 switches on core 0)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: _config_load()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Authorization.new_post()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Message.check()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: decode_message()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Nonce.check_nonce()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Nonce.nonce._check_and_delete(de3538aa637947f9abe9fb1e85a0b237)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.nonce_check(de3538aa637947f9abe9fb1e85a0b237)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.nonce_check() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.nonce_delete(de3538aa637947f9abe9fb1e85a0b237)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.nonce_delete() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Nonce._check_and_delete() ended with:200
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Nonce.check_nonce() ended with:200
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Message._name_get()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: kid: https://playground.acme.libre/acme/acct/LHGmuKsr2z1c
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Message._name_get() returns: LHGmuKsr2z1c
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Signature.check(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: check signature against account key
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Signature._jwk_load(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.jwk_load(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._account_search(column:name, pattern:LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._account_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.jwk_load() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: signature_check()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Signature.check() ended with: True:None
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Message.check() ended with:200
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Authorization._authz_info(https://playground.acme.libre/acme/authz/WLkp1X0iha4I)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.authorization_lookup(column:name, pattern:WLkp1X0iha4I)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._authorization_search(column:name, pattern:WLkp1X0iha4I)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.authorization_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.authorization_update({'name': 'WLkp1X0iha4I', 'token': '0tnJzpVcF5zz09frQhyj1OLa954sX6xp', 'expires': 1590649208})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._authorization_search(column:name, pattern:WLkp1X0iha4I)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.authorization_update() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.authorization_lookup(column:name, pattern:WLkp1X0iha4I)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._authorization_search(column:name, pattern:WLkp1X0iha4I)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.authorization_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: _config_load()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Challenge.new_set(WLkp1X0iha4I, 0tnJzpVcF5zz09frQhyj1OLa954sX6xp)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Challenge._new(http-01)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.challenge_add({'name': 'zsjU9D7Q4lTU', 'expires': 1590649208, 'type': 'http-01', 'token': '0tnJzpVcF5zz09frQhyj1OLa954sX6xp', 'authorization': 'WLkp1X0iha4I', 'status': 2})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.authorization_lookup(column:name, pattern:WLkp1X0iha4I)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._authorization_search(column:name, pattern:WLkp1X0iha4I)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.authorization_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.challenge_add() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Challenge._new(dns-01)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.challenge_add({'name': 'sDQ1e7EdY65f', 'expires': 1590649208, 'type': 'dns-01', 'token': '0tnJzpVcF5zz09frQhyj1OLa954sX6xp', 'authorization': 'WLkp1X0iha4I', 'status': 2})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.authorization_lookup(column:name, pattern:WLkp1X0iha4I)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._authorization_search(column:name, pattern:WLkp1X0iha4I)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.authorization_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.challenge_add() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Challenge._new_set returned ([{'type': 'http-01', 'url': 'https://playground.acme.libre/acme/chall/zsjU9D7Q4lTU', 'token': '0tnJzpVcF5zz09frQhyj1OLa954sX6xp'}, {'type': 'dns-01', 'url': 'https://playground.acme.libre/acme/chall/sDQ1e7EdY65f', 'token': '0tnJzpVcF5zz09frQhyj1OLa954sX6xp'}])
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Authorization._authz_info() returns: {"expires": "2020-05-28T07:00:08Z", "status": "pending", "identifier": {"type": "dns", "value": "pkgapi.archlinux32.oss"}, "challenges": [{"type": "http-01", "url": "https://playground.acme.libre/acme/chall/zsjU9D7Q4lTU", "token": "0tnJzpVcF5zz09frQhyj1OLa954sX6xp"}, {"type": "dns-01", "url": "https://playground.acme.libre/acme/chall/sDQ1e7EdY65f", "token": "0tnJzpVcF5zz09frQhyj1OLa954sX6xp"}]}
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Message.prepare_response()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Nonce.nonce_generate_and_add()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Nonce.nonce__new()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: got nonce: 930a4ee275a6478399da971d2f074567
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.nonce_add(930a4ee275a6478399da971d2f074567)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: DBStore.nonce_add() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Nonce.generate_and_add() ended with:930a4ee275a6478399da971d2f074567
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: Authorization.new_post() returns: {"data": {"expires": "2020-05-28T07:00:08Z", "status": "pending", "identifier": {"type": "dns", "value": "pkgapi.archlinux32.oss"}, "challenges": [{"type": "http-01", "url": "https://playground.acme.libre/acme/chall/zsjU9D7Q4lTU", "token": "0tnJzpVcF5zz09frQhyj1OLa954sX6xp"}, {"type": "dns-01", "url": "https://playground.acme.libre/acme/chall/sDQ1e7EdY65f", "token": "0tnJzpVcF5zz09frQhyj1OLa954sX6xp"}]}, "code": 200, "header": {"Replay-Nonce": "930a4ee275a6478399da971d2f074567"}}
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: 2a03:4000:2a:1bc::1 /acme/authz/WLkp1X0iha4I {'data': {'expires': '2020-05-28T07:00:08Z', 'status': 'pending', 'identifier': {'type': 'dns', 'value': 'pkgapi.archlinux32.oss'}, 'challenges': [{'type': 'http-01', 'url': 'https://playground.acme.libre/acme/chall/zsjU9D7Q4lTU', 'token': '- modified - '}, {'type': 'dns-01', 'url': 'https://playground.acme.libre/acme/chall/sDQ1e7EdY65f', 'token': '- modified - '}]}, 'code': 200, 'header': {'Replay-Nonce': '- modified -'}}
May 27 09:00:08 szilassi.eckner.net uwsgi[2108056]: [pid: 2108056|app: 0|req: 16/157] 2a03:4000:2a:1bc::1 () {42 vars in 683 bytes} [Wed May 27 09:00:08 2020] POST /acme/authz/WLkp1X0iha4I => generated 397 bytes in 63 msecs (HTTP/1.1 200) 2 headers in 104 bytes (1 switches on core 0)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: _config_load()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Authorization.new_post()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Message.check()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: decode_message()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Nonce.check_nonce()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Nonce.nonce._check_and_delete(930a4ee275a6478399da971d2f074567)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.nonce_check(930a4ee275a6478399da971d2f074567)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.nonce_check() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.nonce_delete(930a4ee275a6478399da971d2f074567)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.nonce_delete() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Nonce._check_and_delete() ended with:200
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Nonce.check_nonce() ended with:200
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Message._name_get()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: kid: https://playground.acme.libre/acme/acct/LHGmuKsr2z1c
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Message._name_get() returns: LHGmuKsr2z1c
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Signature.check(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: check signature against account key
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Signature._jwk_load(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.jwk_load(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._account_search(column:name, pattern:LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._account_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.jwk_load() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: signature_check()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Signature.check() ended with: True:None
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Message.check() ended with:200
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Authorization._authz_info(https://playground.acme.libre/acme/authz/68Gp1EVVOIYZ)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.authorization_lookup(column:name, pattern:68Gp1EVVOIYZ)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._authorization_search(column:name, pattern:68Gp1EVVOIYZ)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.authorization_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.authorization_update({'name': '68Gp1EVVOIYZ', 'token': 'DYIvbT2EKxxm4FQ0Wl11WhSi0HyMJLCi', 'expires': 1590649208})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._authorization_search(column:name, pattern:68Gp1EVVOIYZ)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.authorization_update() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.authorization_lookup(column:name, pattern:68Gp1EVVOIYZ)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._authorization_search(column:name, pattern:68Gp1EVVOIYZ)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.authorization_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: _config_load()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Challenge.new_set(68Gp1EVVOIYZ, DYIvbT2EKxxm4FQ0Wl11WhSi0HyMJLCi)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Challenge._new(http-01)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.challenge_add({'name': 'ctzkovquqhUx', 'expires': 1590649208, 'type': 'http-01', 'token': 'DYIvbT2EKxxm4FQ0Wl11WhSi0HyMJLCi', 'authorization': '68Gp1EVVOIYZ', 'status': 2})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.authorization_lookup(column:name, pattern:68Gp1EVVOIYZ)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._authorization_search(column:name, pattern:68Gp1EVVOIYZ)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.authorization_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.challenge_add() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Challenge._new(dns-01)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.challenge_add({'name': 'BUFcaASMPmmi', 'expires': 1590649208, 'type': 'dns-01', 'token': 'DYIvbT2EKxxm4FQ0Wl11WhSi0HyMJLCi', 'authorization': '68Gp1EVVOIYZ', 'status': 2})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.authorization_lookup(column:name, pattern:68Gp1EVVOIYZ)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._authorization_search(column:name, pattern:68Gp1EVVOIYZ)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.authorization_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.challenge_add() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Challenge._new_set returned ([{'type': 'http-01', 'url': 'https://playground.acme.libre/acme/chall/ctzkovquqhUx', 'token': 'DYIvbT2EKxxm4FQ0Wl11WhSi0HyMJLCi'}, {'type': 'dns-01', 'url': 'https://playground.acme.libre/acme/chall/BUFcaASMPmmi', 'token': 'DYIvbT2EKxxm4FQ0Wl11WhSi0HyMJLCi'}])
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Authorization._authz_info() returns: {"expires": "2020-05-28T07:00:08Z", "status": "pending", "identifier": {"type": "dns", "value": "git2.archlinux32.oss"}, "challenges": [{"type": "http-01", "url": "https://playground.acme.libre/acme/chall/ctzkovquqhUx", "token": "DYIvbT2EKxxm4FQ0Wl11WhSi0HyMJLCi"}, {"type": "dns-01", "url": "https://playground.acme.libre/acme/chall/BUFcaASMPmmi", "token": "DYIvbT2EKxxm4FQ0Wl11WhSi0HyMJLCi"}]}
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Message.prepare_response()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Nonce.nonce_generate_and_add()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Nonce.nonce__new()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: got nonce: f62696a08a9d4ee3a80073213dc409ff
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.nonce_add(f62696a08a9d4ee3a80073213dc409ff)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: DBStore.nonce_add() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Nonce.generate_and_add() ended with:f62696a08a9d4ee3a80073213dc409ff
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: Authorization.new_post() returns: {"data": {"expires": "2020-05-28T07:00:08Z", "status": "pending", "identifier": {"type": "dns", "value": "git2.archlinux32.oss"}, "challenges": [{"type": "http-01", "url": "https://playground.acme.libre/acme/chall/ctzkovquqhUx", "token": "DYIvbT2EKxxm4FQ0Wl11WhSi0HyMJLCi"}, {"type": "dns-01", "url": "https://playground.acme.libre/acme/chall/BUFcaASMPmmi", "token": "DYIvbT2EKxxm4FQ0Wl11WhSi0HyMJLCi"}]}, "code": 200, "header": {"Replay-Nonce": "f62696a08a9d4ee3a80073213dc409ff"}}
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: 2a03:4000:2a:1bc::1 /acme/authz/68Gp1EVVOIYZ {'data': {'expires': '2020-05-28T07:00:08Z', 'status': 'pending', 'identifier': {'type': 'dns', 'value': 'git2.archlinux32.oss'}, 'challenges': [{'type': 'http-01', 'url': 'https://playground.acme.libre/acme/chall/ctzkovquqhUx', 'token': '- modified - '}, {'type': 'dns-01', 'url': 'https://playground.acme.libre/acme/chall/BUFcaASMPmmi', 'token': '- modified - '}]}, 'code': 200, 'header': {'Replay-Nonce': '- modified -'}}
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: _config_load()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Authorization.new_post()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Message.check()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: decode_message()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Nonce.check_nonce()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Nonce.nonce._check_and_delete(f62696a08a9d4ee3a80073213dc409ff)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.nonce_check(f62696a08a9d4ee3a80073213dc409ff)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.nonce_check() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.nonce_delete(f62696a08a9d4ee3a80073213dc409ff)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108053]: [pid: 2108053|app: 0|req: 76/158] 2a03:4000:2a:1bc::1 () {42 vars in 683 bytes} [Wed May 27 09:00:08 2020] POST /acme/authz/68Gp1EVVOIYZ => generated 395 bytes in 55 msecs (HTTP/1.1 200) 2 headers in 104 bytes (1 switches on core 0)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.nonce_delete() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Nonce._check_and_delete() ended with:200
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Nonce.check_nonce() ended with:200
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Message._name_get()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: kid: https://playground.acme.libre/acme/acct/LHGmuKsr2z1c
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Message._name_get() returns: LHGmuKsr2z1c
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Signature.check(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: check signature against account key
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Signature._jwk_load(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.jwk_load(LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._account_search(column:name, pattern:LHGmuKsr2z1c)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._account_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.jwk_load() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: signature_check()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Signature.check() ended with: True:None
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Message.check() ended with:200
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Authorization._authz_info(https://playground.acme.libre/acme/authz/iPiq3JRT3tiB)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.authorization_lookup(column:name, pattern:iPiq3JRT3tiB)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._authorization_search(column:name, pattern:iPiq3JRT3tiB)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.authorization_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.authorization_update({'name': 'iPiq3JRT3tiB', 'token': 'IyqaBmOFWDuy9AprkHK2hcZAMdlUMV3E', 'expires': 1590649208})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._authorization_search(column:name, pattern:iPiq3JRT3tiB)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.authorization_update() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.authorization_lookup(column:name, pattern:iPiq3JRT3tiB)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._authorization_search(column:name, pattern:iPiq3JRT3tiB)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.authorization_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: _config_load()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Challenge.new_set(iPiq3JRT3tiB, IyqaBmOFWDuy9AprkHK2hcZAMdlUMV3E)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Challenge._new(http-01)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.challenge_add({'name': 'jonG7GK5pxl2', 'expires': 1590649208, 'type': 'http-01', 'token': 'IyqaBmOFWDuy9AprkHK2hcZAMdlUMV3E', 'authorization': 'iPiq3JRT3tiB', 'status': 2})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.authorization_lookup(column:name, pattern:iPiq3JRT3tiB)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._authorization_search(column:name, pattern:iPiq3JRT3tiB)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.authorization_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.challenge_add() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Challenge._new(dns-01)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: generate_random_string()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.challenge_add({'name': 't6hdRyIHVIwF', 'expires': 1590649208, 'type': 'dns-01', 'token': 'IyqaBmOFWDuy9AprkHK2hcZAMdlUMV3E', 'authorization': 'iPiq3JRT3tiB', 'status': 2})
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.authorization_lookup(column:name, pattern:iPiq3JRT3tiB)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._authorization_search(column:name, pattern:iPiq3JRT3tiB)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: rename name to authorization.name
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._authorization_search() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.authorization_lookup() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.challenge_add() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Challenge._new_set returned ([{'type': 'http-01', 'url': 'https://playground.acme.libre/acme/chall/jonG7GK5pxl2', 'token': 'IyqaBmOFWDuy9AprkHK2hcZAMdlUMV3E'}, {'type': 'dns-01', 'url': 'https://playground.acme.libre/acme/chall/t6hdRyIHVIwF', 'token': 'IyqaBmOFWDuy9AprkHK2hcZAMdlUMV3E'}])
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Authorization._authz_info() returns: {"expires": "2020-05-28T07:00:08Z", "status": "pending", "identifier": {"type": "dns", "value": "git3.archlinux32.oss"}, "challenges": [{"type": "http-01", "url": "https://playground.acme.libre/acme/chall/jonG7GK5pxl2", "token": "IyqaBmOFWDuy9AprkHK2hcZAMdlUMV3E"}, {"type": "dns-01", "url": "https://playground.acme.libre/acme/chall/t6hdRyIHVIwF", "token": "IyqaBmOFWDuy9AprkHK2hcZAMdlUMV3E"}]}
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Message.prepare_response()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Nonce.nonce_generate_and_add()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Nonce.nonce__new()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: got nonce: 6f751044d0d84bbbb9e2f7a82cd79854
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.nonce_add(6f751044d0d84bbbb9e2f7a82cd79854)
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: DBStore.nonce_add() ended
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Nonce.generate_and_add() ended with:6f751044d0d84bbbb9e2f7a82cd79854
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: Authorization.new_post() returns: {"data": {"expires": "2020-05-28T07:00:08Z", "status": "pending", "identifier": {"type": "dns", "value": "git3.archlinux32.oss"}, "challenges": [{"type": "http-01", "url": "https://playground.acme.libre/acme/chall/jonG7GK5pxl2", "token": "IyqaBmOFWDuy9AprkHK2hcZAMdlUMV3E"}, {"type": "dns-01", "url": "https://playground.acme.libre/acme/chall/t6hdRyIHVIwF", "token": "IyqaBmOFWDuy9AprkHK2hcZAMdlUMV3E"}]}, "code": 200, "header": {"Replay-Nonce": "6f751044d0d84bbbb9e2f7a82cd79854"}}
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: 2a03:4000:2a:1bc::1 /acme/authz/iPiq3JRT3tiB {'data': {'expires': '2020-05-28T07:00:08Z', 'status': 'pending', 'identifier': {'type': 'dns', 'value': 'git3.archlinux32.oss'}, 'challenges': [{'type': 'http-01', 'url': 'https://playground.acme.libre/acme/chall/jonG7GK5pxl2', 'token': '- modified - '}, {'type': 'dns-01', 'url': 'https://playground.acme.libre/acme/chall/t6hdRyIHVIwF', 'token': '- modified - '}]}, 'code': 200, 'header': {'Replay-Nonce': '- modified -'}}
May 27 09:00:08 szilassi.eckner.net uwsgi[2108055]: [pid: 2108055|app: 0|req: 17/159] 2a03:4000:2a:1bc::1 () {42 vars in 683 bytes} [Wed May 27 09:00:08 2020] POST /acme/authz/iPiq3JRT3tiB => generated 395 bytes in 66 msecs (HTTP/1.1 200) 2 headers in 104 bytes (1 switches on core 0)
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: _config_load()
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: Challenge._config_load()
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: Challenge._config_load() ended.
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: Challenge.parse()
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: Message.check()
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: decode_message()
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: Nonce.check_nonce()
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: Nonce.nonce._check_and_delete(6f751044d0d84bbbb9e2f7a82cd79854)
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: DBStore.nonce_check(6f751044d0d84bbbb9e2f7a82cd79854)
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: DBStore.nonce_check() ended
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: DBStore.nonce_delete(6f751044d0d84bbbb9e2f7a82cd79854)
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:09 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.nonce_delete() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Nonce._check_and_delete() ended with:200
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Nonce.check_nonce() ended with:200
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Message._name_get()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: kid: https://playground.acme.libre/acme/acct/LHGmuKsr2z1c
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Message._name_get() returns: LHGmuKsr2z1c
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Signature.check(LHGmuKsr2z1c)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: check signature against account key
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Signature._jwk_load(LHGmuKsr2z1c)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.jwk_load(LHGmuKsr2z1c)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._account_search(column:name, pattern:LHGmuKsr2z1c)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._account_search() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.jwk_load() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: signature_check()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Signature.check() ended with: True:None
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Message.check() ended with:200
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Challenge.get_name(https://playground.acme.libre/acme/chall/zsjU9D7Q4lTU)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: parse_url(https://playground.acme.libre/acme/chall/zsjU9D7Q4lTU)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Challenge._info(zsjU9D7Q4lTU)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: challenge_lookup(name:zsjU9D7Q4lTU)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._challenge_search(column:name, pattern:zsjU9D7Q4lTU)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._challenge_search() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.challenge_lookup() ended with:{'type': 'http-01', 'token': '0tnJzpVcF5zz09frQhyj1OLa954sX6xp', 'status': 'pending'}
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Challenge._validate(zsjU9D7Q4lTU: {})
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: challenge._check(zsjU9D7Q4lTU)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: challenge_lookup(name:zsjU9D7Q4lTU)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._challenge_search(column:name, pattern:zsjU9D7Q4lTU)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._challenge_search() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.challenge_lookup() ended with:{'type': 'http-01', 'status': 'pending', 'token': '0tnJzpVcF5zz09frQhyj1OLa954sX6xp', 'authorization': 'WLkp1X0iha4I', 'authorization__type': 'dns', 'authorization__value': 'pkgapi.archlinux32.oss', 'authorization__token': '0tnJzpVcF5zz09frQhyj1OLa954sX6xp', 'authorization__order__account__name': 'LHGmuKsr2z1c'}
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.jwk_load(LHGmuKsr2z1c)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._account_search(column:name, pattern:LHGmuKsr2z1c)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._account_search() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.jwk_load() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: jwk_thumbprint_get()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: jwk_thumbprint_get() ended with: g4QZkwYFnXXifGa40DzqpMc2Q0cBBIcbtSlsMuT-f5A
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Challenge._validate_http_challenge()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: url_get(http://pkgapi.archlinux32.oss/.well-known/acme-challenge/0tnJzpVcF5zz09frQhyj1OLa954sX6xp)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Starting new HTTP connection (1): pkgapi.archlinux32.oss:80
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: http://pkgapi.archlinux32.oss:80 "GET /.well-known/acme-challenge/0tnJzpVcF5zz09frQhyj1OLa954sX6xp HTTP/1.1" 200 76
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: url_get() ended with: 0tnJzpVcF5zz09frQhyj1OLa954sX6xp.g4QZkwYFnXXifGa40DzqpMc2Q0cBBIcbtSlsMuT-f5A
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Challenge._validate_http_challenge() ended with: True
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: challenge._check() ended with: True
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Challenge._update({'name': 'zsjU9D7Q4lTU', 'status': 'valid'})
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: challenge_update({'name': 'zsjU9D7Q4lTU', 'status': 'valid'})
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._challenge_search(column:name, pattern:zsjU9D7Q4lTU)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._challenge_search() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._status_search(column:name, pattern:valid)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._status_search() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.challenge_update() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Challenge._update() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Challenge._update_authz(zsjU9D7Q4lTU)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: challenge_lookup(name:zsjU9D7Q4lTU)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._challenge_search(column:name, pattern:zsjU9D7Q4lTU)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._challenge_search() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.challenge_lookup() ended with:{'authorization': 'WLkp1X0iha4I'}
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.authorization_update({'name': 'WLkp1X0iha4I', 'status': 'valid'})
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._authorization_search(column:name, pattern:WLkp1X0iha4I)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: rename name to authorization.name
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._authorization_search() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._status_search(column:name, pattern:valid)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._status_search() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.authorization_update() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Challenge._update_authz() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Challenge._validate() ended with:True
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Message.prepare_response()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Nonce.nonce_generate_and_add()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Nonce.nonce__new()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: got nonce: e7f74aac52684a249ab3d836cabdc04c
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.nonce_add(e7f74aac52684a249ab3d836cabdc04c)
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_open() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close()
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore._db_close() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: DBStore.nonce_add() ended
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: Nonce.generate_and_add() ended with:e7f74aac52684a249ab3d836cabdc04c
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: challenge.parse() returns: {"data": {"type": "http-01", "token": "0tnJzpVcF5zz09frQhyj1OLa954sX6xp", "status": "pending", "url": "https://playground.acme.libre/acme/chall/zsjU9D7Q4lTU"}, "header": {"Link": "https://playground.acme.libre/acme/authz/;rel="up"", "Replay-Nonce": "e7f74aac52684a249ab3d836cabdc04c"}, "code": 200}
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: 2a03:4000:2a:1bc::1 /acme/chall/zsjU9D7Q4lTU {'data': {'type': 'http-01', 'token': '- modified -', 'status': 'pending', 'url': 'https://playground.acme.libre/acme/chall/zsjU9D7Q4lTU'}, 'header': {'Link': 'https://playground.acme.libre/acme/authz/;rel="up"', 'Replay-Nonce': '- modified -'}, 'code': 200}
May 27 09:00:10 szilassi.eckner.net uwsgi[2108055]: [pid: 2108055|app: 0|req: 18/160] 2a03:4000:2a:1bc::1 () {42 vars in 683 bytes} [Wed May 27 09:00:09 2020] POST /acme/chall/zsjU9D7Q4lTU => generated 149 bytes in 933 msecs (HTTP/1.1 200) 3 headers in 164 bytes (2 switches on core 0)
```
I don't see any issues here (everything answers with 200). Do you have an idea what might be going on? Is this some problem between uwsgi and my web server, maybe?
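
The log above shows the server-side half of an http-01 validation: jwk_thumbprint_get() derives the account key thumbprint, url_get() fetches the challenge file, and the body is compared with token "." thumbprint. The following is an added example of that check, written for this page and not code from acme2certifier or from the issue author; it uses only the standard library, and the JWK and token in it are constructed sample data (not a real key and not the token from the log). It generalizes the log's RSA case to EC and OKP keys as well, and also checks the token syntax that RFC 8555 section 8.3 requires.

```python
import base64
import hashlib
import json
import re

# Members that enter the RFC 7638 thumbprint, per key type. Any other member
# (kid, alg, use, ...) is ignored, so two JWKs describing the same key hash the same.
THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "OKP": ("crv", "kty", "x"),
}

# RFC 8555 section 8.3: a token is base64url without padding and carries at
# least 128 bits of entropy, i.e. at least 22 characters. Rejecting anything
# else keeps a token from being used as a path component in the challenge URL.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{22,}$")


def b64url(data: bytes) -> str:
    """base64url without padding, as used throughout JOSE and ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only, serialized
    with keys in lexicographic order and no whitespace."""
    kty = jwk.get("kty")
    if kty not in THUMBPRINT_MEMBERS:
        raise ValueError(f"unsupported key type: {kty!r}")
    members = THUMBPRINT_MEMBERS[kty]
    missing = [m for m in members if m not in jwk]
    if missing:
        raise ValueError(f"JWK is missing required members: {missing}")
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def token_is_well_formed(token: str) -> bool:
    """True when the token matches the RFC 8555 base64url/length rule."""
    return bool(TOKEN_RE.match(token))


def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.1: token || '.' || base64url(JWK thumbprint)."""
    if not token_is_well_formed(token):
        raise ValueError("token is not base64url or is too short")
    return f"{token}.{jwk_thumbprint(jwk)}"


def http01_response_ok(body: str, token: str, jwk: dict) -> bool:
    """Server-side comparison of the fetched challenge body. RFC 8555 allows
    trailing whitespace to be stripped before comparing; nothing else is
    normalized, so a wrong token or a different account key fails."""
    try:
        expected = key_authorization(token, jwk)
    except ValueError:
        return False
    return body.rstrip() == expected


# Constructed sample data for the demo: not a real key, not the token from the log.
SAMPLE_JWK = {
    "kty": "RSA",
    "n": b64url(bytes(range(1, 33))),
    "e": "AQAB",
    "kid": "demo-account-key",  # ignored by the thumbprint
}
SAMPLE_TOKEN = "constructed-token_0123456789abcdef"


if __name__ == "__main__":
    expected_body = key_authorization(SAMPLE_TOKEN, SAMPLE_JWK)
    print("expected challenge body:", expected_body)
    print("served body accepted:", http01_response_ok(expected_body + "\n", SAMPLE_TOKEN, SAMPLE_JWK))
```

The thumbprint is computed over the required members only, so adding kid or alg to the account key, or supplying the members in a different order, does not change it; the comparison in http01_response_ok() fails on anything other than the exact key authorization (plus optional trailing whitespace), which is what the log's "ended with: True" reflects for the successful case.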

Suggestion for new hook feature: when a certificate request has succeeded, execute a hook

Maybe in some cases one can make use of the hook options of the acme.sh client, but when some restricted actions must be executed in a controlled zone, like the creation of an object in LDAP or AD by specific service accounts, it would be nice to consider the possibility of executing a hook once the certificate request has succeeded.

In our case, when creating a certificate request using an AD CA, it is required to ensure that the object exists in Active Directory due to specific authorisation mechanisms. Could it be a feasible option to have this hook accept some parameters like the FQDN?

We would be happy to create a PR for this new feature

Wrong attribute name in JSON error response

Hello, using the Acme4J client library I found that the "type" attribute that should be present in the error JSON structure has the name "message" instead. This seems to me to be a non-compliance with the RFC. For verification I did the same check with the "Let's Encrypt" server and I saw that my client works correctly.
Below is an extract of my application log in which the problem is highlighted.

2022-05-19 17:59:08,706 [main] DEBUG: finalize
2022-05-19 17:59:08,713 [main] DEBUG: POST http://hostname/acme/order/N6ZNKCrcCJ4X/finalize
2022-05-19 17:59:08,713 [main] DEBUG: Payload: {"csr":"MIICnzCCAYcCAQAwMDEVMBMGA1UEAwwMd3d3LnRlc3QuY29tMRcwFQYDVQQKDA5BY3RhbGlzIFMucC5BLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALlIM6kLGlRc4GXbru8DAbdSZLU26tuUdZUwO2rVL8Szo4cvt9v6Dtt42byMlHQG9A4YHV6JFtaZQXx4zksrNRuPkV999XSNWxQ_xvoU6rKBtFWzIuXIX8mbS3y4Vbh1fOPTRM32UFdlM4r4qbco3vnBVT0vlVpIoqj30Wlwv8_BkWJ3T0X8oNMeYWThhaF-bEN6H8gCz_ep1rW81FUc_--scgVNVtLdI6UbPnblbremNiNhY4DylFXmto7L80nhP3U_dj3WjvqPJGvc1H5WRlBs3WFDjCIB3mHYV7uuOKS0lIvZGaWQ_EzlNmCfsteqeCWFzQ6B6P2rgn2Z-9jSPEECAwEAAaAqMCgGCSqGSIb3DQEJDjEbMBkwFwYDVR0RBBAwDoIMd3d3LnRlc3QuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCLKlWn4agXyeJHRydUv_K4yDtUmew5FkCjzwpRmjLwtma3_lC4OdYc1Uz7xGozmdlgld01CeXj4vjITnIwU2BKSYo9gXlKIWajeVxMyqDcGBen-NX5MNP9Y0OSJ_v_tqCTqrc0PAQjHRUyIo3v6VrRhSYJ-lmUpnH0cTWNm30NkyZ7r0QfSLI2csxFp1nf8f-maWypf2I7FYEVs03BXWHIkwVx3SIUhefCYGrXZBiF51_3aV0nXyfD012IGSnYQosOUyycZi5-llfW8-WYnvVLVjhSjzEPDW_UEe-x-uxu0QKC7LR7aM1_kAUdNIRR2VvUx9vxLAcsC9ZiVAufBak9"}
2022-05-19 17:59:08,715 [main] DEBUG: JWS Header: {"url":"http://hostname/acme/order/N6ZNKCrcCJ4X/finalize","kid":"http://devk8s.actalis.it/acme/acct/V8EzIeuHgdGC","nonce":"60955f4b07cd4e04a89e224c77654b18","alg":"RS256"}
2022-05-19 17:59:08,767 [main] DEBUG: HEADER Transfer-Encoding: chunked
2022-05-19 17:59:08,768 [main] DEBUG: HEADER null: HTTP/1.1 403 Forbidden
2022-05-19 17:59:08,768 [main] DEBUG: HEADER Server: nginx/1.21.3
2022-05-19 17:59:08,768 [main] DEBUG: HEADER Connection: keep-alive
2022-05-19 17:59:08,768 [main] DEBUG: HEADER Date: Thu, 19 May 2022 15:59:25 GMT
2022-05-19 17:59:08,768 [main] DEBUG: HEADER Content-Type: application/problem+json
2022-05-19 17:59:08,771 [main] DEBUG: Result JSON: {"status":403,"message":"urn:ietf:params:acme:error:orderNotReady","detail":"Order is not ready"}
Exception in thread "main" org.shredzone.acme4j.exception.AcmeProtocolException: Problem without type
at org.shredzone.acme4j.Problem.lambda$getType$1(Problem.java:67)
at java.base/java.util.Optional.orElseThrow(Optional.java:408)
at org.shredzone.acme4j.Problem.getType(Problem.java:67)
at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:528)
at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479)
at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407)
at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161)
at org.shredzone.acme4j.Order.execute(Order.java:166)
at it.apps.pki.Application.main(Application.java:276)
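
RFC 8555 section 6.7 carries ACME errors in RFC 7807 problem documents, where "type" is the member that identifies the error (for ACME, a urn:ietf:params:acme:error: URN) and "detail" is the human-readable text; a strict client such as acme4j refuses a document without "type", which is the "Problem without type" exception in the trace above. The following is an added example, not code from acme4j or acme2certifier: a client-side parser that applies that rule to the exact body quoted in this issue, beside a server-side builder that emits the compliant form. The compliant body is constructed here for comparison.

```python
import json

ACME_ERROR_PREFIX = "urn:ietf:params:acme:error:"


class ProblemFormatError(ValueError):
    """The response is not a usable RFC 7807 problem document."""


def parse_problem(body: str, content_type: str = "application/problem+json") -> dict:
    """Parse an ACME error response the way a strict client does. Raises
    ProblemFormatError when the mandatory 'type' member is absent, which is
    the condition acme4j reports as 'Problem without type'."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type != "application/problem+json":
        raise ProblemFormatError(f"unexpected Content-Type {content_type!r}")
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise ProblemFormatError(f"body is not JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise ProblemFormatError("problem document must be a JSON object")
    ptype = doc.get("type")
    if not isinstance(ptype, str) or not ptype:
        # A 'message' member, as in the issue above, is not a substitute.
        raise ProblemFormatError("problem document has no 'type' member")
    acme_error = ptype[len(ACME_ERROR_PREFIX):] if ptype.startswith(ACME_ERROR_PREFIX) else None
    return {
        "type": ptype,
        "acme_error": acme_error,  # e.g. 'orderNotReady'; None for non-ACME types
        "status": doc.get("status"),
        "detail": doc.get("detail"),
        "subproblems": doc.get("subproblems", []),
    }


def problem_json(acme_error: str, detail: str, status: int) -> str:
    """Server side: the document an ACME server should return, with the error
    carried in 'type' as a full URN rather than in a 'message' member."""
    return json.dumps({
        "type": ACME_ERROR_PREFIX + acme_error,
        "detail": detail,
        "status": status,
    })


# Body quoted in the issue above: the URN sits under 'message', 'type' is absent.
NONCOMPLIANT_BODY = (
    '{"status":403,"message":"urn:ietf:params:acme:error:orderNotReady",'
    '"detail":"Order is not ready"}'
)
# Constructed compliant counterpart for the same error.
COMPLIANT_BODY = problem_json("orderNotReady", "Order is not ready", 403)


if __name__ == "__main__":
    for label, body in (("non-compliant", NONCOMPLIANT_BODY), ("compliant", COMPLIANT_BODY)):
        try:
            print(label, "->", parse_problem(body))
        except ProblemFormatError as err:
            print(label, "-> rejected:", err)
```

A client that silently accepted the "message" variant would lose the machine-readable error identifier it needs to decide what to do next (retry after the order becomes ready, versus give up on a badCSR), so rejecting the document, as acme4j does, is the conservative choice; the fix belongs on the server side, in the builder.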

xca template doesn't work

I've created a simple xca template which only includes extended key usage options, but certificate issuance fails with a traceback.
The template was referenced in acme_srv.cfg using the parameter: template_name: acme

If I don't use the template, everything works.

Traceback (most recent call last):
  File "./acme2certifier_wsgi.py", line 337, in application
    return callback(environ, start_response)
  File "./acme2certifier_wsgi.py", line 249, in order
    response_dic = eorder.parse(request_body)
  File "./acme/order.py", line 389, in parse
    (code, message, detail, certificate_name) = self._process(order_name, protected, payload)
  File "./acme/order.py", line 181, in _process
    (code, certificate_name, detail) = self._csr_process(order_name, payload['csr'])
  File "./acme/order.py", line 234, in _csr_process
    (error, detail) = certificate.enroll_and_store(certificate_name, csr)
  File "./acme/certificate.py", line 476, in enroll_and_store
    (error, certificate, certificate_raw, poll_identifier) = ca_handler.enroll(csr)
  File "./examples/ca_handler/xca_ca_handler.py", line 646, in enroll
    extension_list = self._extension_list_generate(template_dic, cert, ca_cert)
  File "./examples/ca_handler/xca_ca_handler.py", line 712, in _extension_list_generate
    extension_list.append(crypto.X509Extension(convert_string_to_byte('keyUsage'), kuc, convert_string_to_byte(ku_string)))
  File "/usr/local/lib/python3.8/dist-packages/OpenSSL/crypto.py", line 783, in __init__
    _raise_current_error()
  File "/usr/local/lib/python3.8/dist-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('X509 V3 routines', 'X509V3_parse_list', 'invalid null name'), ('X509 V3 routines', 'do_ext_nconf', 'invalid extension string'), ('X509 V3 routines', 'X509V3_EXT_nconf', 'error in extension')]
[pid: 22|app: 0|req: 3/10] 172.29.0.1 () {44 vars in 678 bytes} [Wed May  5 17:33:06 2021] POST /acme/order/P36qQTtD8Dyo/finalize => generated 0 bytes in 398 msecs (HTTP/1.1 500) 0 headers in 0 bytes (0 switches on core 0)
