Both pending and complete identifier authorizations return 202 Accepted

h.venev · December 3, 2015, 7:19pm

https://acme-staging.api.letsencrypt.org/acme/challenge/r9GLbxvEvlGJdZtUaalqRUtIjnL5nlm87EsqY81SreM/793970

returns 202 Accepted with no Retry-After. It returned it when “status”:“pending” (still with no , it returns it now when “status”:“valid”.

eva2000 · December 3, 2015, 7:23pm

is staging api end point still in service ? what about using public beta one ?

jhass · December 3, 2015, 7:24pm

@eva2000 they both run the same build, compare https://acme-v01.api.letsencrypt.org/build and https://acme-staging.api.letsencrypt.org/build

eva2000 · December 3, 2015, 7:30pm

i see thanks for the info

h.venev · December 3, 2015, 7:40pm

Sorry about the confusion, the authorization endpoint returns 200, used to be status:pending, now status:valid, no Retry-After at any time. Some data dumps from my client:

unrecognized tls-sni-01
recognized http-01
Create file in htdocs: (CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA)
    .well-known/acme-challenge/CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA
Accept challenge (y/N)? y
Changes done.
Submitted.
Polling
    https://acme-staging.api.letsencrypt.org/acme/challenge/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac/794170
[202,
 {'keyAuthorization': 'CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA.dcIYtVuu-LvsnCecLsdkb1ogm2wwxkTepZo-8-KSWaM',
  'status': 'pending',
  'token': 'CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA',
  'type': 'http-01',
  'uri': 'https://acme-staging.api.letsencrypt.org/acme/challenge/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac/794170'},
 [('Server', 'nginx'),
  ('Content-Type', 'application/json'),
  ('Content-Length', '315'),
  ('Link',
   '<https://acme-staging.api.letsencrypt.org/acme/authz/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac>;rel="up"'),
  ('Location',
   'https://acme-staging.api.letsencrypt.org/acme/challenge/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac/794170'),
  ('Replay-Nonce', 'bwjsTJefuPRqyF_Qkz1N4GpkqsBVpX6hpvafE2c9X-s'),
  ('Expires', 'Thu, 03 Dec 2015 19:38:28 GMT'),
  ('Cache-Control', 'max-age=0, no-cache, no-store'),
  ('Pragma', 'no-cache'),
  ('Date', 'Thu, 03 Dec 2015 19:38:28 GMT'),
  ('Connection', 'keep-alive')]]
Polling
    https://acme-staging.api.letsencrypt.org/acme/authz/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac
[200,
 {'challenges': [{'status': 'pending',
                  'token': 'pUf6i7nWlnQ43Y3rfMUB_OUUdTPvAfgFUo9Jx49JIQQ',
                  'type': 'tls-sni-01',
                  'uri': 'https://acme-staging.api.letsencrypt.org/acme/challenge/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac/794169'},
                 {'keyAuthorization': 'CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA.dcIYtVuu-LvsnCecLsdkb1ogm2wwxkTepZo-8-KSWaM',
                  'status': 'pending',
                  'token': 'CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA',
                  'type': 'http-01',
                  'uri': 'https://acme-staging.api.letsencrypt.org/acme/challenge/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac/794170'}],
  'combinations': [[1], [0]],
  'expires': '2015-12-10T19:38:26Z',
  'identifier': {'type': 'dns', 'value': 'hristo.venev.name'},
  'status': 'pending'},
 [('Server', 'nginx'),
  ('Content-Type', 'application/json'),
  ('Content-Length', '675'),
  ('Link',
   '<https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"'),
  ('Replay-Nonce', '3emL9TPFvqLusMyZkZr1gJGlbEtG-RSw8rbsLsWWAno'),
  ('X-Frame-Options', 'DENY'),
  ('Strict-Transport-Security', 'max-age=604800'),
  ('Expires', 'Thu, 03 Dec 2015 19:38:28 GMT'),
  ('Cache-Control', 'max-age=0, no-cache, no-store'),
  ('Pragma', 'no-cache'),
  ('Date', 'Thu, 03 Dec 2015 19:38:28 GMT'),
  ('Connection', 'keep-alive')]]

jhass · December 3, 2015, 7:42pm

If you think you found an implementation issue of the ACME server, you’re better off reporting it at https://github.com/letsencrypt/boulder/issues

h.venev · December 3, 2015, 7:44pm

Polling the authorization endpoint again:

Polling
    https://acme-staging.api.letsencrypt.org/acme/authz/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac
[200,
 {'challenges': [{'status': 'pending',
                  'token': 'pUf6i7nWlnQ43Y3rfMUB_OUUdTPvAfgFUo9Jx49JIQQ',
                  'type': 'tls-sni-01',
                  'uri': 'https://acme-staging.api.letsencrypt.org/acme/challenge/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac/794169'},
                 {'keyAuthorization': 'CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA.dcIYtVuu-LvsnCecLsdkb1ogm2wwxkTepZo-8-KSWaM',
                  'status': 'valid',
                  'token': 'CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA',
                  'type': 'http-01',
                  'uri': 'https://acme-staging.api.letsencrypt.org/acme/challenge/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac/794170',
                  'validationRecord': [{'addressUsed': '95.111.59.55',
                                        'addressesResolved': ['95.111.59.55'],
                                        'hostname': 'hristo.venev.name',
                                        'port': '80',
                                        'url': 'http://hristo.venev.name/.well-known/acme-challenge/CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA'},
                                       {'addressUsed': '95.111.59.55',
                                        'addressesResolved': ['95.111.59.55'],
                                        'hostname': 'hristo.venev.name',
                                        'port': '443',
                                        'url': 'https://hristo.venev.name/.well-known/acme-challenge/CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA'}]}],
  'combinations': [[1], [0]],
  'expires': '2016-09-28T19:38:29Z',
  'identifier': {'type': 'dns', 'value': 'hristo.venev.name'},
  'status': 'valid'},
 [('Server', 'nginx'),
  ('Content-Type', 'application/json'),
  ('Content-Length', '1124'),
  ('Link',
   '<https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"'),
  ('Replay-Nonce', '1KWR0mVabYcoaBsvmbHVcZ46s0ChaL5SMq0oKdWoLBE'),
  ('X-Frame-Options', 'DENY'),
  ('Strict-Transport-Security', 'max-age=604800'),
  ('Expires', 'Thu, 03 Dec 2015 19:41:22 GMT'),
  ('Cache-Control', 'max-age=0, no-cache, no-store'),
  ('Pragma', 'no-cache'),
  ('Date', 'Thu, 03 Dec 2015 19:41:22 GMT'),
  ('Connection', 'keep-alive')]]

And curl $challenge_url:

> GET /acme/challenge/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac/794170 HTTP/1.1
> Host: acme-staging.api.letsencrypt.org
> User-Agent: curl/7.46.0
> Accept: */*
> 
< HTTP/1.1 202 Accepted
< Server: nginx
< Content-Type: application/json
< Content-Length: 766
< Link: <https://acme-staging.api.letsencrypt.org/acme/authz/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac>;rel="up"
< Location: https://acme-staging.api.letsencrypt.org/acme/challenge/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac/794170
< Replay-Nonce: qkV9vss0o1T0zOB3ACtXCnHrXxnlIIANZeSJIjOWvWI
< Expires: Thu, 03 Dec 2015 19:43:00 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Thu, 03 Dec 2015 19:43:00 GMT
< Connection: keep-alive
{'keyAuthorization': 'CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA.dcIYtVuu-LvsnCecLsdkb1ogm2wwxkTepZo-8-KSWaM',
 'status': 'valid',
 'token': 'CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA',
 'type': 'http-01',
 'uri': 'https://acme-staging.api.letsencrypt.org/acme/challenge/On_Kjn49KTdh1hj5Zq7XCDOUlZGUvmimNmtcmqIzsac/794170',
 'validationRecord': [{'addressUsed': '95.111.59.55',
                       'addressesResolved': ['95.111.59.55'],
                       'hostname': 'hristo.venev.name',
                       'port': '80',
                       'url': 'http://hristo.venev.name/.well-known/acme-challenge/CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA'},
                      {'addressUsed': '95.111.59.55',
                       'addressesResolved': ['95.111.59.55'],
                       'hostname': 'hristo.venev.name',
                       'port': '443',
                       'url': 'https://hristo.venev.name/.well-known/acme-challenge/CVL0uy6D2dotYLQPBnI7FAoBoC2_CTSAnT2pCgxm5LA'}]}

I reported an issue in boulder.