ACME.js attempts to POST challenges repeatedly rather than GET the authorization status #9

新しいイシュー

オープン

sam-lordが2021-04-07 11:01:17 +00:00に作成 · 2件のコメント

sam-lord がコメント 2021-04-07 11:01:17 +00:00

リンクをコピー

Noticed that when testing Greenlock.js against the Pebble ACME server (official testing server for ACME protocol), I received the following error repeatedly:

[acme-v2] mydomain.local status:400 Cannot update challenge with status valid, only status pending

It appears as though another ACME client had the same issue: https://github.com/letsencrypt/pebble/issues/133

Works without errors when used against live / staging, but the speed of localhost demonstrates the issue. The issue above explains the correct flow for these requests to avoid errors.

--

BTW, relative novice here w.r.t ACME & Greenlock

Noticed that when testing Greenlock.js against the Pebble ACME server (official testing server for ACME protocol), I received the following error repeatedly: >[acme-v2] mydomain.local status:400 Cannot update challenge with status valid, only status pending It appears as though another ACME client had the same issue: https://github.com/letsencrypt/pebble/issues/133 Works without errors when used against live / staging, but the speed of localhost demonstrates the issue. The issue above explains the correct flow for these requests to avoid errors. -- BTW, relative novice here w.r.t ACME & Greenlock

sam-lord がコメント 2021-04-08 11:23:46 +00:00

作成者

リンクをコピー

Seems like this issue can be solved in ACME._postChallenge in the checkResult function by adding 'pending' to the possible states that result in pollStatus getting called. I'll submit a patch for this soon.

Subsequent error is that the finalize URL is called twice - if the ACME server validates the challenge in the initial call then any further calls will error with a 403 because you can't finalize an already valid certificate. Trying to determine whether there's a POST-as-GET alternative for ACME._pollOrderStatus - looking at other implementations

Seems like this issue can be solved in `ACME._postChallenge` in the `checkResult` function by adding 'pending' to the possible states that result in `pollStatus` getting called. I'll submit a patch for this soon. Subsequent error is that the finalize URL is called twice - if the ACME server validates the challenge in the initial call then any further calls will error with a 403 because you can't finalize an already valid certificate. Trying to determine whether there's a POST-as-GET alternative for `ACME._pollOrderStatus` - looking at other implementations

sam-lord がコメント 2021-04-08 11:51:11 +00:00

作成者

リンクをコピー

SO ACME._pollOrderStatus should use the same GET on order._orderUrl as was used in ACME._postChallenge. I've made a patch for this locally and it works great.

I'll tidy it up a bit and create a PR.

SO `ACME._pollOrderStatus` should use the same GET on `order._orderUrl` as was used in `ACME._postChallenge`. I've made a patch for this locally and it works great. I'll tidy it up a bit and create a PR.

サインインしてこの会話に参加。

ブランチ/タグ指定なし

ブランチ タグ

master

v1.x

bugfix-accept-pem

v3

v1

wip-v3

browser-v2

errors

v2

skip-valid-challenge

v1.8.7

v3.1.1

v3.0.10

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.2

v3.0.1

v1.8.6

v1.8.5

v1.8.4

v1.8.2

v1.8.1

v1.8.0

v1.7.7

v1.7.6

v1.7.5

v1.7.3

v1.7.2

v1.7.1

v1.6.0

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.3.1

v1.3.0

v1.2.1

v1.2.0

v1.1.1

v1.1.0

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v0.6.2

v0.6.1

v0.6.0

v0.0.2

ラベル

項目なし

ラベルなし

マイルストーン

項目なし

マイルストーンなし

担当者

担当者をクリア

coolaj86

担当者なし

1 人の参加者

通知

購読する

期日

期日は未設定です。

依存関係

依存関係が設定されていません。

リファレンス: root/acme.js#9

説明はありません。