certbot server gives the wrong thumbprint to bullion for http-01
v2px opened this issue · 5 comments
the expected challenge thumbprint doesn't match the one provided by the certbot server.
not sure how certbot even learns what thumbprint it should provide so I couldn't debug more, sorry.
this is what I have (I added the debug output):
`10.9.10.10 - - [28/Jan/2024:06:24:32 +0000] "POST /acme/authorizations/4 HTTP/1.1" 200 - 0.0091
D, [2024-01-28T06:24:32.407556 #24341] DEBUG -- : HTTP-01 connected to http://ldap.example.com/.well-known/acme-challenge/Hh7FIHd8HzmI4tOezqa7XNtyTjlbUhSTGkBE3ZyC3PLGrYcn
D, [2024-01-28T06:24:32.410131 #24341] DEBUG -- : Chlnge Token: Hh7FIHd8HzmI4tOezqa7XNtyTjlbUhSTGkBE3ZyC3PLGrYcn, thumbprint: fd95c98168b6eba6f84c29400ec4562e5d1196e5bff710b8a5e755a7d421f21b
D, [2024-01-28T06:24:32.410201 #24341] DEBUG -- : Result Token: Hh7FIHd8HzmI4tOezqa7XNtyTjlbUhSTGkBE3ZyC3PLGrYcn, thumbprint: 6KTbsniqZCH95q3Zp0gCGGf6vH9EI0muO054n4LKm_Q`
You found another bug, thank you! This is because I was using hexadecimal to check the thumbprint rather than base64. This should be resolved in 61cb048 (or gem version 0.6.0).
Hello! Sadly it still gives incorrect challenge responses - just different ones. :(
D, [2024-01-29T05:24:26.298121 #26789] DEBUG -- : C WeIYmLHyCAfMHwDpPvfJ0NIMzyKU3KABIMPju5avpebChfjC Kf38_J2vKqLylhgUdBZm07jzQqNq_XniJS0NEvWy0NU
D, [2024-01-29T05:24:26.298202 #26789] DEBUG -- : R WeIYmLHyCAfMHwDpPvfJ0NIMzyKU3KABIMPju5avpebChfjC AThceR3ABsyB_0hYvjN5AgTsNHgDmLxvYw3WhY3iOkg
I'll look into it more tomorrow. Sorry about this; I thought I had fixed it.
Should be all set now with the latest version/commit. I tested it myself with certbot as well.
Yes, from what I can see it’s working perfectly now, thank you! 😊