ACME v2 Staging Server: Known Bugs/Issues

The staging endpoint for the ACME v2 API is now available. Naturally since this is meant for testing there are bugs already being uncovered. Thanks to everyone who is participating!

This thread is meant to capture the known bugs and link to corresponding Boulder/Pebble issues as appropriate. Please consult this thread or search for existing issues in the Boulder repository before reporting a new bug.

Known Issues:

  1. “Orders” field of account object is not implemented yet (Boulder issue #3335), reported by @wulf4096 and @quabla

Resolved Issues:

  1. “Challenges” have “error” field not “errors”. (Boulder issue #3339, blocked on spec work), reported by @eggsampler - Fixed in specification
  2. Incorrect response for newAccount requests matching existing account key. (Boulder issue #3327), reported by oittaa & @serverco Fixed as of 2018-01-09 18:48:00 UTC
  3. Order expiry date is set incorrectly. (staging config issue), reported by @Wulf4096 Fixed as of 2018-01-05 18:10:00 UTC
  4. TLS-SNI-01 is offered as a challenge type instead of TLS-SNI-02. (Blocked on Boulder issue #3297) - TLS-SNI-* is now deprecated.
  5. Full PEM certificate chain is not returned by certificate endpoint. (Boulder issue #3291, Boulder PR #3366), Fixed as of 2018-01-24 18:20:00 UTC
  6. V1 authorizations are reused for V2 orders where possible. (Boulder issue #3328) Fixed as of 2018-02-13
  7. Certificate revocation requests signed by the issuing ACME account require valid, unexpired authorizations for the certificate domain names when this should not be required. (Boulder issue #3331), reported by @Wulf4096 Fixed
  8. Authz deactivation/failure can leave order in stuck state. (Boulder issue #3333), reported by @fszlin Fixed
  9. KeyRollover always fails with error about newkey being in use (Boulder issue 3340, Boulder PR 3373), reported by @eggsampler, Fixed
  10. Expired order authorizations produce 500 serverInternal errors. (Boulder issue #3499, Fixed
5 Likes

2 posts were split to a new topic: DNS Hosting TXT size limits & the V2 API

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.