How can I disable TLS

dxjones · November 3, 2018, 3:21am

I am trying to get started on an ACME v2 client following example code from:

The provided “certbot” example works fine when it connects to the LetsEncrypt staging server.

But when I try to connect to Pebble, I get this failure (as expected):

2018/11/02 23:11:49 Error connecting to acme directory: acme: error fetching response: Get https://localhost:14000/dir: x509: certificate signed by unknown authority

Pebble uses a self-signed certificate, so it is not signed by a recognized authority.

My question is: What minimal surgery to eggsampler/acme is required to allow the TLS “InsecureSkipVerify” option to be enabled ??

any tips appreciated,

_az · November 3, 2018, 5:31am

Pebble always runs with TLS, unless you modify its source code not to.

So, the solution is not to disable TLS, but to disable certificate verification on the client side. You can find a precise example how to do that here.

Basically,

client, err := acme.NewClient("https://localhost:14000/dir", acme.WithInsecureSkipVerify())

Other “options” can be found in the godoc: https://godoc.org/github.com/eggsampler/acme#OptionFunc

dxjones · November 3, 2018, 5:35am

Yes! This solves my problem. I just added that line to my code and got it working.

Thanks!

system · December 3, 2018, 5:35am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Seeking advice on minimal ACME v2 client to obtain signed certificate from "Pebble" CA Client dev	3	1122	December 2, 2018
Pebble v2.3.0 released Client dev	1	1150	January 17, 2020
ACMEv2 based CA services Client dev	5	1631	February 12, 2020
Stable Pebble releases & Docker images Client dev	1	1088	April 5, 2019
Acme-v1 local server? Client dev	6	1245	June 22, 2018

How can I disable TLS

Related topics