DNS01: How is the challenge supposed to be formatted?

funilrys · March 22, 2019, 12:35pm

Hello @jsha and thanks for your awesome work!

May I ask if this is still actual ?

I also implemented python-acme for our infrastructure and I get the following when running ClientV2().poll_and_finalize() on staging.

Here is the last logs for about 3-5 minutes:

DEBUG: JWS payload:
b''
DEBUG: Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/tLAyXS_a2-ph1Gm0I2V-b_hOOsbNZrnyQUfNfhCxf-A:
{
  "signature": "LiSsgSD0QflQ-s2XSV4qIyJy1xJbLln_3LtYERbfZ7wh2d8ICOTWWSEvvhVpHW5uo-Bz-NXXvg3NnJVJbAsvQ6MZiQzW2pj-0p8dKivz-R4SV4NhUSEq_F9lfDAqQxmT8JK1w8-9WlaYrAOLuA1G-RYJSONNvWTAkgSExdNBZJYJNAfUvpkGd3txhy3R8-kLOqfhg9QF5NaChsnpKG0wfi44bSSsNLSgdU-WYfifdVEbDm7qX0-QiZ55zBoofiLXMO26AryIpKIoU-CmNXwaNGqRhOOWu9yQgigGcCQIzUaPpsAuq2QByMcEA7yyW23B3vSX6MOIhsojXyEbByKhPQ",
  "protected": "eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiVXNTYVVfUkxNNzVxdHMwYWExNmpub2lySVg1MXh1QnZMTWZVUDctR1h2MCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei90TEF5WFNfYTItcGgxR20wSTJWLWJfaE9Pc2JOWnJueVFVZk5maEN4Zi1BIiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODY1MjQ4OSJ9",
  "payload": ""
}
DEBUG: https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/tLAyXS_a2-ph1Gm0I2V-b_hOOsbNZrnyQUfNfhCxf-A HTTP/1.1" 200 929
DEBUG: Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 929
Boulder-Requester: 8652489
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0nsVTLEmI-zowO3uk4yoRZLry8tAd5W1jbmfraizoXc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 22 Mar 2019 12:26:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 22 Mar 2019 12:26:34 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "test.juris-sb.de"
  },
  "status": "pending",
  "expires": "2019-03-29T09:12:09Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/tLAyXS_a2-ph1Gm0I2V-b_hOOsbNZrnyQUfNfhCxf-A/278379717",
      "token": "G6h6aagnc_J4fKWZlSRRwQDFJOW529gtyugodWBxMcc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/tLAyXS_a2-ph1Gm0I2V-b_hOOsbNZrnyQUfNfhCxf-A/278379718",
      "token": "UJICsxiz22UlY8z6KXPR5Xph61ApwN36A10JaF0nVuE"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/tLAyXS_a2-ph1Gm0I2V-b_hOOsbNZrnyQUfNfhCxf-A/278379719",
      "token": "vNN5b7yxtEkiNoNg6rVgTiniUJsAckB6lOQa75wGmeE"
    }
  ]
}
DEBUG: Storing nonce: 0nsVTLEmI-zowO3uk4yoRZLry8tAd5W1jbmfraizoXc

I was (and I’m still) searching for a bug somewhere before getting here.

If it can help save some time while reading the logs, here is the dig output from outside our infrastructure/network.

$ dig +short -t TXT _acme-challenge.test.juris-sb.de
"UJICsxiz22UlY8z6KXPR5Xph61ApwN36A10JaF0nVuE"

Thanks again for everything!

Topic		Replies	Views
Challenge is not checked by acme-staging-v02 Client dev	10	2800	January 5, 2019
Web client dev， help me Client dev	5	744	July 15, 2019
Staging API returning 500 errors Help	3	867	February 25, 2021
ACME Challenge state won't change after POST to authorization challenge url Help	12	1290	March 31, 2022
Making progress....but not http-01 query of the server? Client dev	4	432	July 31, 2023

DNS01: How is the challenge supposed to be formatted?

Related topics