DNS01: How is the challenge supposed to be formatted?

Hello @jsha and thanks for your awesome work!

May I ask if this is still actual?

I also implemented python-acme for our infrastructure and I get the following when running ClientV2().poll_and_finalize() on staging.

Here are the last logs for about 3-5 minutes:

DEBUG: JWS payload:
b''
DEBUG: Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/tLAyXS_a2-ph1Gm0I2V-b_hOOsbNZrnyQUfNfhCxf-A:
{
  "signature": "LiSsgSD0QflQ-s2XSV4qIyJy1xJbLln_3LtYERbfZ7wh2d8ICOTWWSEvvhVpHW5uo-Bz-NXXvg3NnJVJbAsvQ6MZiQzW2pj-0p8dKivz-R4SV4NhUSEq_F9lfDAqQxmT8JK1w8-9WlaYrAOLuA1G-RYJSONNvWTAkgSExdNBZJYJNAfUvpkGd3txhy3R8-kLOqfhg9QF5NaChsnpKG0wfi44bSSsNLSgdU-WYfifdVEbDm7qX0-QiZ55zBoofiLXMO26AryIpKIoU-CmNXwaNGqRhOOWu9yQgigGcCQIzUaPpsAuq2QByMcEA7yyW23B3vSX6MOIhsojXyEbByKhPQ",
  "protected": "eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiVXNTYVVfUkxNNzVxdHMwYWExNmpub2lySVg1MXh1QnZMTWZVUDctR1h2MCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei90TEF5WFNfYTItcGgxR20wSTJWLWJfaE9Pc2JOWnJueVFVZk5maEN4Zi1BIiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODY1MjQ4OSJ9",
  "payload": ""
}
DEBUG: https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/tLAyXS_a2-ph1Gm0I2V-b_hOOsbNZrnyQUfNfhCxf-A HTTP/1.1" 200 929
DEBUG: Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 929
Boulder-Requester: 8652489
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0nsVTLEmI-zowO3uk4yoRZLry8tAd5W1jbmfraizoXc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 22 Mar 2019 12:26:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 22 Mar 2019 12:26:34 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "test.juris-sb.de"
  },
  "status": "pending",
  "expires": "2019-03-29T09:12:09Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/tLAyXS_a2-ph1Gm0I2V-b_hOOsbNZrnyQUfNfhCxf-A/278379717",
      "token": "G6h6aagnc_J4fKWZlSRRwQDFJOW529gtyugodWBxMcc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/tLAyXS_a2-ph1Gm0I2V-b_hOOsbNZrnyQUfNfhCxf-A/278379718",
      "token": "UJICsxiz22UlY8z6KXPR5Xph61ApwN36A10JaF0nVuE"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/tLAyXS_a2-ph1Gm0I2V-b_hOOsbNZrnyQUfNfhCxf-A/278379719",
      "token": "vNN5b7yxtEkiNoNg6rVgTiniUJsAckB6lOQa75wGmeE"
    }
  ]
}
DEBUG: Storing nonce: 0nsVTLEmI-zowO3uk4yoRZLry8tAd5W1jbmfraizoXc

I was (and I’m still) searching for a bug somewhere before getting here.

If it can help save some time while reading the logs, here is the dig output from outside our infrastructure/network.

$ dig +short -t TXT _acme-challenge.test.juris-sb.de
"UJICsxiz22UlY8z6KXPR5Xph61ApwN36A10JaF0nVuE"

Thanks again for everything!
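
Added example, not part of the original post and not python-acme code: RFC 8555 section 8.4 defines the DNS-01 TXT value as the base64url-encoded SHA-256 digest of the key authorization (the token, a dot, and the RFC 7638 thumbprint of the account key), and this sketch computes that value and classifies an observed record. The function names are hypothetical and the JWK is a constructed placeholder, not the poster's account key.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only,
    sorted by name, serialized with no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, jwk: dict) -> str:
    return f"{token}.{jwk_thumbprint(jwk)}"

def dns01_txt_value(token: str, jwk: dict) -> str:
    """Value the CA expects in the _acme-challenge TXT record."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)

def check_txt(observed: str, token: str, jwk: dict) -> str:
    """Classify an observed TXT value (dig prints it wrapped in quotes)."""
    observed = observed.strip().strip('"')
    if observed == dns01_txt_value(token, jwk):
        return "ok"
    if observed == token:
        return "raw-token"  # token published as-is, never hashed
    if observed == key_authorization(token, jwk):
        return "undigested-key-authorization"  # hashing step skipped
    return "mismatch"

# dns-01 token from the authorization response in the log above.
TOKEN = "UJICsxiz22UlY8z6KXPR5Xph61ApwN36A10JaF0nVuE"
# Constructed placeholder JWK (assumption): substitute the account's public key.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-sample-modulus"}

if __name__ == "__main__":
    print("expected TXT:", dns01_txt_value(TOKEN, SAMPLE_JWK))
    # TXT value as shown in the dig output above.
    print("observed:", check_txt('"' + TOKEN + '"', TOKEN, SAMPLE_JWK))
```

With the account's real public JWK substituted, the first printed line is the string the CA looks up at `_acme-challenge.<domain>`.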