ACMEv2 and Certificate Websites

parveenbhadoo · March 15, 2018, 2:22am

When will it be available on In-Browser Certificate Generators?

Patches · March 15, 2018, 3:22am

The author of gethttpsforfree.com plans to add support in a couple weeks:

https://github.com/diafygi/gethttpsforfree/issues/150

@leader said it would be coming to zerossl.com soon too:

https://github.com/do-know/Crypt-LE/issues/17

Please follow these issues for the latest.

leader · March 17, 2018, 4:30pm

Just wanted to confirm that ZeroSSL should be getting wildcards support in the SSL Certificate Wizard soon enough, now that downloadable client versions have been updated

However, it seems that even if the code gets released now, it will break on 29th of March, when the API change described as “breaking” is going to be deployed. The change introduces a requirement on the POST requests to have a specific Content-Type. Setting that type from within a browser would require the server to “confirm” in the response to a pre-flight request that it is allowed (via Access-Control-Allow-Headers). It does not seem that ACME v2 staging endpoint is configured to respond with that.

Not sure if that is a bug or that header will be coming to the staging environment “in one go” with the content-type change, but it would be nice to deploy the header some time in advance (and in all environments maybe) - so there would be no need to rush with altering clients too close to that deployment date.

Perhaps @cpu knows more about this?

cpu · March 19, 2018, 1:50pm

Hi @leader, congrats on getting ZeroSSL to support ACMEv2

The missing Access-Control-Allow-Headers exception for Content-Type was raised in ACMEv2: POST "new-acct" and all other POST endpoints CORS Access-Control-Allow-Headers necessary for Content-Type of "application/jose+json" · Issue #3554 · letsencrypt/boulder · GitHub and fixed in Boulder master. This commit will be included in tomorrow's staging update and should be in production two days after that.

That should leave a full week to ensure there won't be any problems ahead of the March 29th change. We can of course revisit that date if unexpected problems crop up.

Thanks!

leader · March 19, 2018, 7:53pm

Brilliant, good to know, thanks

chenqijing2 · March 22, 2018, 8:23am

you can the site: freessl.org

system · April 21, 2018, 8:24am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.