starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-11 22:30:44 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

dehydrated does not work with DigiCert ACMEv2 API - ACCOUNT_URL problem #480

New Issue
Closed
opened 2025-12-29 01:25:57 +01:00 by adam · 1 comment
adam commented 2025-12-29 01:25:57 +01:00
Owner
Copy Link

Originally created by @colin-stubbs on GitHub (May 28, 2020).

There appears to be a problem with the way in which dehydrated builds and uses ACCOUNT_URL within init_system()

The current behaviour seems to assume Let's Encrypt specific behaviour, and does not appear to match RFC8555 behaviour description.

Regardless, dehydrated should have a way to force the URL to what an alternate ACME API may expect, given variations between RFC interpretation and actual behaviour in different ACMEv2 API implementations.

Note, correct ACCOUNT_URL seems to found/used on the very first order when the new account API endpoint was used, and it's only on subsequent requests that problems occur.

The DigiCert ACME API responds with this error,

{"detail":"No Key ID in JWS header","status":400,"type":"malformed"}

However the problem is that the account URL included in the order request is simply an empty string.

Originally created by @colin-stubbs on GitHub (May 28, 2020). There appears to be a problem with the way in which dehydrated builds and uses ACCOUNT_URL within init_system() The current behaviour seems to assume Let's Encrypt specific behaviour, and does not appear to match RFC8555 behaviour description. Regardless, dehydrated should have a way to force the URL to what an alternate ACME API may expect, given variations between RFC interpretation and actual behaviour in different ACMEv2 API implementations. Note, correct ACCOUNT_URL seems to found/used on the very first order when the new account API endpoint was used, and it's only on subsequent requests that problems occur. The DigiCert ACME API responds with this error, `{"detail":"No Key ID in JWS header","status":400,"type":"malformed"}` However the problem is that the account URL included in the order request is simply an empty string.
adam closed this issue 2025-12-29 01:25:58 +01:00
adam commented 2025-12-29 01:25:58 +01:00
Author
Owner
Copy Link

@colin-stubbs commented on GitHub (May 28, 2020):

Appears to have already been fixed in dbb0ef1ce1

Yet to be incorporated to an official release however.

@colin-stubbs commented on GitHub (May 28, 2020): Appears to have already been fixed in https://github.com/dehydrated-io/dehydrated/commit/dbb0ef1ce1a93a20fe1cc532adbdf676cb14c3d3 Yet to be incorporated to an official release however.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Complicated
bug
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 suggestions wanted
testing
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/dehydrated#480
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?