Golang ACMEv2 HTTP-01 challenge not challenging server

Question

With this code I am attempting a manual HTTP-01 challenge to better understand how the process works. All the requests return 201/200 responses with the expected bodies, and I am able to successfully create the challenge.

The ACME server never seems to challenge the HTTP server, however. I get a successful return when POSTing to the challenge URL:

2022/07/17 13:49:28 challenge response {
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/PVI-4A",
  "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
}

However, when polling the authorization status I can see that it stays pending:

2022/07/17 13:49:43 authorization response {
  "identifier": {
    "type": "dns",
    "value": "billabull.com"
  },
  "status": "pending",
  "expires": "2022-07-24T13:49:27Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/PVI-4A",
      "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/uHeVHQ",
      "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/RomB0g",
      "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
    }
  ]
}

Currently I poll for 2 minutes (with the server available) before timing out, so I feel that it should reasonably happen within that time frame.

I have also tested that the HTTP server is made available on port 80 from the domain billabull.com, and making a GET request to the challenge path does return the correct key authorization. However, the ACME server is never making a request to the server to begin with.

Does anyone know why the ACME server might not be challenging my server?

Answer 1

Score: 0

I had to use a body of []byte("{}") rather than []byte{} for the challenge endpoint.

Edit: For some reason this endpoint doesn't error out, but others will if you pass an incorrect body.
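
The difference between the two bodies in the answer, as an added example (not the poster's code): in RFC 8555 a signed POST with an empty payload is a POST-as-GET (section 6.3) that only returns the challenge object, while a payload of `{}` is the challenge response that asks the server to start validation (section 7.5.1), which is why the empty body succeeds yet the status stays pending. The helper names `newAccountKey` and `signACME`, and the `acme.example` kid, nonce and URL, are constructed placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

var b64 = base64.RawURLEncoding

// newAccountKey returns a throwaway P-256 key standing in for the ACME account key.
func newAccountKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// signACME builds the flattened ES256 JWS that is sent as the POST body.
// kid, nonce and url are placeholders for values obtained from the ACME server.
func signACME(key *ecdsa.PrivateKey, kid, nonce, url string, payload []byte) ([]byte, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "kid": kid, "nonce": nonce, "url": url})
	protected, body := b64.EncodeToString(hdr), b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(protected + "." + body))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return nil, err
	}
	sig := make([]byte, 64) // JWS ES256 signature is fixed-width r || s, not ASN.1
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return json.Marshal(map[string]string{"protected": protected, "payload": body, "signature": b64.EncodeToString(sig)})
}

func main() {
	key, err := newAccountKey()
	if err != nil {
		panic(err)
	}
	cases := []struct{ meaning, payload string }{
		{"POST-as-GET: only fetches the challenge object", ""},
		{"challenge response: asks the server to validate", "{}"},
	}
	for _, c := range cases {
		jws, _ := signACME(key, "https://acme.example/acct/1", "constructed-nonce", "https://acme.example/chall/1", []byte(c.payload))
		fmt.Printf("%s\n  %s\n", c.meaning, jws)
	}
}
```

The `payload` field of the printed JWS is the empty string in the first case and `e30` (base64url of `{}`) in the second; both are validly signed, so the server accepts either one.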

huangapple
  • Posted on July 17, 2022, 21:51:43
  • When reposting, please keep the link to this article: https://go.coder-hub.com/73012349.html