Free ACME CA feature comparison

I just did some testing against BuyPass staging, until I was rate-limited.

I can confirm the following behavior:

  • triggering a challenge will cause their server to immediately retry
  • the standard authz payload is:
    • challenges
    • identifier
    • status
    • wildcard
  • under challenges, the standard payload is:
    • status
    • token
    • type
    • url
  • if an auth is attempted, the challenge receives an additional key
    • validated - timestamp of attempt
  • if the auth fails, the challenge receives an additional key
    • error
  • The error key /might/ have a "subproblems" key (I have not encountered it missing, yet)
  • On every failed attempt, the validated timestamp is updated, and a subproblem is added.

It would have been nice if they put a timestamp in each subproblem.

I should probably store these errors better, but for now I am just storing MY timestamp, their validation attempt timestamp, and the number of subproblems. (I log the errors, but am storing the data in the database, cross-referenced to the order/challenge/auth for quick retrieval and analysis.)

Example payload is below.

{'challenges': [{'error': {'detail': 'Errors during validation',
                           'status': 403,
                           'subproblems': [{'detail': 'The server could not '
                                                      'connect to validation '
                                                      'target',
                                            'status': 400,
                                            'title': 'Bad Request',
                                            'type': 'urn:ietf:params:acme:error:connection'},
                                           {'detail': 'The server could not '
                                                      'connect to validation '
                                                      'target',
                                            'status': 400,
                                            'title': 'Bad Request',
                                            'type': 'urn:ietf:params:acme:error:connection'},
                                           {'detail': 'The server could not '
                                                      'connect to validation '
                                                      'target',
                                            'status': 400,
                                            'title': 'Bad Request',
                                            'type': 'urn:ietf:params:acme:error:connection'},
                                           {'detail': 'The server could not '
                                                      'connect to validation '
                                                      'target',
                                            'status': 400,
                                            'title': 'Bad Request',
                                            'type': 'urn:ietf:params:acme:error:connection'}],
                           'title': 'Forbidden',
                           'type': 'urn:ietf:params:acme:error:compound'},
                 'status': 'processing',
                 'token': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
                 'type': 'http-01',
                 'url': 'https://api.test4.buypass.no/acme/authz/XXXXXXXXXXXXXXXXXXXX/1',
                 'validated': '2025-04-07T19:59:59Z'},
                {'status': 'pending',
                 'token': 'YYYYYYYYYYYYY',
                 'type': 'dns-01',
                 'url': 'https://api.test4.buypass.no/acme/authz/XXXXXXXXXXXXXXXXXXXX/2'}],
 'identifier': {'type': 'dns', 'value': 'dev.aptise.com'},
 'status': 'pending',
 'wildcard': False}

Cross-referencing: BuyPass Staging - Failed Challenge stays "Processing"

2 Likes
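
The bookkeeping described in the post above (client poll time, the CA's `validated` timestamp, and the subproblem count per challenge), as an added example that is not the poster's code. The function names, the `ca.example` URLs and the sample payload are constructed for illustration; only the key names and error types come from the payload shown in the post.

```python
from datetime import datetime

def parse_ts(value):
    """Parse a 'validated' value such as 2025-04-07T19:59:59Z (None if absent)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def summarize_authz(authz, polled_at):
    """One record per challenge: our poll time, the CA's attempt time, subproblem count."""
    records = []
    for chall in authz.get("challenges", []):
        error = chall.get("error") or {}
        # The post notes "subproblems" might be missing; count a bare error as zero.
        subproblems = error.get("subproblems") or []
        records.append({
            "url": chall["url"], "type": chall["type"], "status": chall["status"],
            "polled_at": polled_at,
            "validated": parse_ts(chall.get("validated")),
            "failed": "error" in chall,
            "subproblems": len(subproblems),
            "error_types": sorted({sp["type"] for sp in subproblems if "type" in sp}),
        })
    return records

def new_attempt(prev, curr):
    """True if the CA tried validation between two polls of the same challenge."""
    if curr["validated"] is None:
        return False
    if prev["validated"] is None:
        return True
    return (curr["validated"] > prev["validated"]
            or curr["subproblems"] > prev["subproblems"])

def sample_authz(failures, validated):
    """Constructed payload shaped like the one in the post (placeholder URLs/tokens)."""
    sub = {"type": "urn:ietf:params:acme:error:connection", "status": 400,
           "title": "Bad Request",
           "detail": "The server could not connect to validation target"}
    http = {"status": "processing", "token": "PLACEHOLDER", "type": "http-01",
            "url": "https://ca.example/acme/authz/PLACEHOLDER/1", "validated": validated,
            "error": {"type": "urn:ietf:params:acme:error:compound", "status": 403,
                      "title": "Forbidden", "detail": "Errors during validation",
                      "subproblems": [dict(sub) for _ in range(failures)]}}
    dns = {"status": "pending", "token": "PLACEHOLDER", "type": "dns-01",
           "url": "https://ca.example/acme/authz/PLACEHOLDER/2"}
    return {"challenges": [http, dns], "status": "pending", "wildcard": False,
            "identifier": {"type": "dns", "value": "example.com"}}

if __name__ == "__main__":
    a = summarize_authz(sample_authz(1, "2025-04-07T19:58:00Z"), parse_ts("2025-04-07T19:58:05Z"))
    b = summarize_authz(sample_authz(4, "2025-04-07T19:59:59Z"), parse_ts("2025-04-07T20:00:05Z"))
    for prev, curr in zip(a, b):
        print(curr["type"], curr["status"], curr["subproblems"], new_attempt(prev, curr))
```

Because the subproblems carry no timestamp of their own, the pair of (`validated`, subproblem count) per poll is the only ordering information available to store.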