Golang ACMEv2 HTTP-01挑战未对服务器构成挑战。

huangapple go评论95阅读模式
英文:

Golang ACMEv2 HTTP-01 challenge not challenging server

问题

使用这段代码,我正在尝试进行手动的HTTP-01挑战,以更好地理解该过程的工作原理。所有的请求都返回了预期的201/200响应,并且我能够成功地创建挑战。

然而,ACME服务器似乎从未对HTTP服务器发起挑战。当向挑战URL发起POST请求时,我会收到成功的返回:

2022/07/17 13:49:28 challenge response {
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/PVI-4A",
  "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
}

然而,当轮询授权状态时,我可以看到它仍然保持待定状态:

2022/07/17 13:49:43 authorization response {
  "identifier": {
    "type": "dns",
    "value": "billabull.com"
  },
  "status": "pending",
  "expires": "2022-07-24T13:49:27Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/PVI-4A",
      "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/uHeVHQ",
      "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/RomB0g",
      "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
    }
  ]
}

目前,我在服务器可用的情况下轮询了2分钟(超时时间),所以我认为它应该在这个时间范围内完成。

我还测试了HTTP服务器是否在域名billabull.com的80端口上可用,并且发起GET请求到挑战路径确实返回了正确的密钥授权。然而,ACME服务器从未向服务器发起请求。

有人知道为什么ACME服务器可能不会对我的服务器发起挑战吗?

英文:

With this code I am attempting a manual HTTP-01 challenge to better understand how the process works. All the requests return 201/200 responses with the expected bodies, and I am able to successfully create the challenge.

The ACME server never seems to challenge the HTTP server however.
I get a successful return when POST'ing to the challenge URL:

2022/07/17 13:49:28 challenge response {
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/PVI-4A",
  "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
}

However when polling the authorization status I can see that it stays pending:

2022/07/17 13:49:43 authorization response {
  "identifier": {
    "type": "dns",
    "value": "billabull.com"
  },
  "status": "pending",
  "expires": "2022-07-24T13:49:27Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/PVI-4A",
      "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/uHeVHQ",
      "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/RomB0g",
      "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
    }
  ]
}

Currently I poll for 2 minutes (with the server available) before timing out, so I feel that it should reasonably happen within that time frame.

I have also tested that the HTTP server is made available on port 80 from the domain billabull.com, and making a GET request to the challenge path does return the correct key authorization. However the ACME server is never making a request to the server to begin with.

Does anyone know why the ACME server might not be challenging my server?

答案1

得分: 0

我在挑战的端点中使用了[]byte("{}")的形式,而不是[]byte{}

编辑:由于某种原因,这个端点不会出错,但如果你传递错误的请求体,其他端点会出错。

英文:

I had to use a body of []byte("{}") rather than []byte{} for the challenge endpoint

Edit: For some reason this endpoint doesn't error out, but others will if you pass incorrect body

huangapple
  • 本文由 发表于 2022年7月17日 21:51:43
  • 转载请务必保留本文链接:https://go.coder-hub.com/73012349.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定