I’m writing my own client(library) but I have protocol issues.
Answers from the v2 staging server like this :
{
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “Method not allowed”,
“status”: 405
}
Which tools can I use to pinpoint what’s wrong with the queries that I’m sending ?
Danny
My web server is (include version): N/A (nginx)
The operating system my web server runs on is (include version): raspbian
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
If you are using an existing JOSE library, it should already have tests to ensure that it is correctly signing things and generating keys. If you are rolling your own (not recommended), the JOSE specs have test vectors that you can compare against.
At the ACME level I’d recommend setting up Pebble (github.com/letsencrypt/pebble) and testing against that. That way if you run into an error you don’t understand, you can look at the Pebble code. You can even add printf lines to help explain which code paths are being followed.
I’m extending a home grown esp32 base (IOT) development so it can be reached from my smartphone. I’ve not found any JOSE or ACME libraries that’ll work in this environment.
Also I think I already have a considerable percentage of the code written, see the URL in my original post, and some more in another post two days ago. (Need help figuring out how to query)
I’ve started strongly recommending that any IoT deployment of ACME send traffic through a proxy controlled by the developer. We’ve seen a lot of problems where IoT ACME clients have bugs that result in excessive traffic in aggregate, but that are hard for the developer to debug because they can’t see what the deployed clients are doing. Pushing traffic through the proxy means that you can see when your clients start sending too much traffic, can shut it off if necessary, and can debug and redeploy.
That's the job creating an own client. You can use a tested library. And if I know it correct, one of the required RFC had samples you can use to check that part.
It's possible, I've created my own, raw client without using an existing library.