Commit a86c633e authored by Adrien Dorsaz's avatar Adrien Dorsaz

Merge branch 'acme-rfc-8555' into 'master'

Follow the ACME RFC 8555

See merge request !23
parents 474f4b63 d9763075
Pipeline #276 failed with stages
in 16 minutes and 51 seconds
...@@ -213,8 +213,7 @@ def get_crt(config, log=LOGGER): ...@@ -213,8 +213,7 @@ def get_crt(config, log=LOGGER):
log.info("Install DNS TXT resource for domain: %s", domain) log.info("Install DNS TXT resource for domain: %s", domain)
challenge = [c for c in authorization["challenges"] if c["type"] == "dns-01"][0] challenge = [c for c in authorization["challenges"] if c["type"] == "dns-01"][0]
token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge["token"]) keyauthorization = challenge["token"] + "." + jwk_thumbprint
keyauthorization = "{0}.{1}".format(token, jwk_thumbprint)
keydigest64 = _base64(hashlib.sha256(keyauthorization.encode("utf8")).digest()) keydigest64 = _base64(hashlib.sha256(keyauthorization.encode("utf8")).digest())
dnsrr_domain = "_acme-challenge.{0}.".format(domain) dnsrr_domain = "_acme-challenge.{0}.".format(domain)
try: # a CNAME resource can be used for advanced TSIG configuration try: # a CNAME resource can be used for advanced TSIG configuration
...@@ -261,8 +260,7 @@ def get_crt(config, log=LOGGER): ...@@ -261,8 +260,7 @@ def get_crt(config, log=LOGGER):
time.sleep(config["DNS"].getint("TTL")) time.sleep(config["DNS"].getint("TTL"))
log.info("Asking ACME server to validate challenge.") log.info("Asking ACME server to validate challenge.")
http_response, result = _send_signed_request(challenge["url"], http_response, result = _send_signed_request(challenge["url"], {})
{"keyAuthorization": keyauthorization})
if http_response.status_code != 200: if http_response.status_code != 200:
raise ValueError("Error triggering challenge: {0} {1}" raise ValueError("Error triggering challenge: {0} {1}"
.format(http_response.status_code, result)) .format(http_response.status_code, result))
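Review bot: In the first hunk (around line 213), the new `keyauthorization = challenge["token"] + "." + jwk_thumbprint` uses the server-supplied token with no validation at all, where the old code at least rewrote unexpected characters. Only the SHA-256 digest of the key authorization is visible going into the TXT record value, so this is a protocol-conformance guard rather than an injection fix. RFC 8555 restricts the token to the base64url alphabet without padding, and a malformed or non-string token should fail loudly instead of yielding a digest that can never validate. Consider adding, before the concatenation, `if not re.fullmatch(r"[A-Za-z0-9_-]+", str(challenge["token"])): raise ValueError("Invalid dns-01 challenge token")`; this assumes `re` is still imported at the top of the file, which is not visible here. The body of `get_crt` starts and ends outside both hunks.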