How can I disable TLS


#1

I am trying to get started on an ACME v2 client following example code from:

https://github.com/eggsampler/acme

The provided “certbot” example works fine when it connects to the LetsEncrypt staging server.

But when I try to connect to Pebble, I get this failure (as expected):

2018/11/02 23:11:49 Error connecting to acme directory: acme: error fetching response: Get https://localhost:14000/dir: x509: certificate signed by unknown authority

Pebble uses a self-signed certificate, so it is not signed by a recognized authority.

My question is: What minimal surgery to eggsampler/acme is required to allow the TLS “InsecureSkipVerify” option to be enabled?

Any tips appreciated,


#2

Pebble always runs with TLS, unless you modify its source code not to.

So, the solution is not to disable TLS, but to disable certificate verification on the client side. You can find a precise example of how to do that here.

Basically,

client, err := acme.NewClient("https://localhost:14000/dir", acme.WithInsecureSkipVerify())

Other “options” can be found in the godoc: https://godoc.org/github.com/eggsampler/acme#OptionFunc


#3

Yes! This solves my problem. I just added that line to my code and got it working.

Thanks!
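
Added example, not part of the thread or of eggsampler/acme: for a test server whose certificate comes from a private CA, certificate verification can stay on if the HTTP client trusts that CA's PEM, as a narrower alternative to InsecureSkipVerify. The helper names and the httptest server standing in for Pebble are assumptions made for this sketch. Handing the resulting client to the ACME library is left out; check the OptionFunc list linked above for how to do that.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientTrusting returns an HTTP client that verifies server certificates
// only against the CA certificates in caPEM; verification stays enabled.
func clientTrusting(caPEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificate found in PEM input")
	}
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
	}}, nil
}

// newStandIn starts a local HTTPS server with a self-signed certificate
// (constructed stand-in for Pebble) and returns it with that certificate as PEM.
func newStandIn() (*httptest.Server, []byte) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"note":"constructed directory"}`)
	}))
	return srv, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
}

// status fetches url with c and returns the HTTP status code.
func status(c *http.Client, url string) (int, error) {
	resp, err := c.Get(url)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	srv, caPEM := newStandIn()
	defer srv.Close()
	c, err := clientTrusting(caPEM)
	if err != nil {
		panic(err)
	}
	fmt.Println(status(c, srv.URL))
}
```

A client built this way still rejects any server whose certificate does not chain to the supplied CA, with the same "certificate signed by unknown authority" error quoted in #1.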