I started from
+---------------------+--------------------------------+--------------+
| Action | Request | Response |
+---------------------+--------------------------------+--------------+
| 1 Get directory | GET directory | 200 |
| | | |
| 2 Get nonce | HEAD newNonce | 200 |
| | | |
| 3 Create account | POST newAccount | 201 -> |
| | | account |
| | | |
| 4 Submit order | POST newOrder | 201 -> order |
| | | |
| 5 Fetch challenges | POST-as-GET order's | 200 |
| | authorization urls | |
| | | |
| 6 Respond to | POST authorization challenge | 200 |
| challenges | urls | |
| | | |
| 7 Poll for status | POST-as-GET order | 200 |
| | | |
| 8 Finalize order | POST order's finalize url | 200 |
| | | |
| 9 Poll for status | POST-as-GET order | 200 |
| | | |
| 10 Download | POST-as-GET order's | 200 |
| certificate | certificate url | |
+---------------------+--------------------------------+--------------+
- ==> python-acme does it for me.
- ==> account key saved/loaded into/from a safe place
- ==> I got
UJICsxiz22UlY8z6KXPR5Xph61ApwN36A10JaF0nVuE
- ==> I'm stuck here.
What I did is:
- Read Section 8.1
- Update the TXT record with the Key Authorization, which was generated with the help of challenge_body.challenge.key_authorization(account_key)
  - What the function does is documented here: https://github.com/certbot/certbot/blob/d9880721b31ab4e9e9d2fdc38d83ff2bd9078378/acme/acme/challenges.py#L178-L187
- I also checked it with challenges.KeyAuthorizationChallengeResponse and it is correct.
  - What the function does is documented here: https://github.com/certbot/certbot/blob/d9880721b31ab4e9e9d2fdc38d83ff2bd9078378/acme/acme/challenges.py#L115-L145

What do you mean by the following?
Key authorization -> SHA256 Hash -> Base64 -> Base64Url
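
The chain in the last line above, worked through with the Python standard library so that the key authorization (RFC 8555 section 8.1) and the value that goes into the DNS-01 TXT record (section 8.4) can be compared side by side. This is an added example, not part of the original post and not python-acme code; the function names are hypothetical, and the JWK and token are constructed sample values.

```python
import base64
import hashlib
import json

# Members that RFC 7638 includes in the thumbprint input, per key type.
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def b64url(data: bytes) -> str:
    """base64url with the '=' padding stripped, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over canonical JSON of the required members only."""
    members = {k: jwk[k] for k in _REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.1: token || '.' || base64url(thumbprint)."""
    return f"{token}.{jwk_thumbprint(jwk)}"

def dns01_txt_value(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.4: base64url(SHA-256(key authorization))."""
    ka = key_authorization(token, jwk).encode("ascii")
    return b64url(hashlib.sha256(ka).digest())

# Constructed sample inputs (not a real account key or challenge token).
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(b"\x01" * 32),
    "y": b64url(b"\x02" * 32),
    "kid": "extra members are ignored by the thumbprint",
}
SAMPLE_TOKEN = "constructed-token-for-illustration"

if __name__ == "__main__":
    print("key authorization :", key_authorization(SAMPLE_TOKEN, SAMPLE_JWK))
    # This digest, not the key authorization itself, is the TXT record
    # content for _acme-challenge.<domain>.
    print("DNS-01 TXT value  :", dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK))
```
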