I’m using the autocert (https://godoc.org/golang.org/x/crypto/acme/autocert) client in an app I’m writing.
When running the app and trying to get a cert for my dev domain (granivo.re), I have no problem getting a cert (through the TLS-SNI challenge by default, I think).
“acme: identifier authorization failed”.
Now, by adding some prints here and there in the client, it seems to me that the client is properly sending the reply stating it is ready to accept the TLS-SNI-01 challenge, but it looks like the server then never tries to connect to actually verify the challenge.
And since I have this problem for one domain and not the other, I suspect the DNS for Let’s Encrypt has some trouble resolving the problematic domain, and therefore the VA never connects where we expect it to.
Could someone with access to the server-side help me confirm that hypothesis please, so I can try and figure out what I need to fix on the domain (I have access to the authoritative DNS for camlistore.net) that Let’s Encrypt does not like?
Any kind of logs related to these attempts would help too.
Are there any docs on the production setup of the DNS for Let’s Encrypt? This way, I could run Boulder myself in a similar fashion and try to figure out what’s going on.
The client is running on either Ubuntu 14 or CoreOS (on Google Compute Engine).
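
One way to check from the client side whether the validation server ever connects, as an added example that is not part of the original post or of the autocert package: wrap the `GetCertificate` callback of the `tls.Config` and record every ClientHello server name, separating TLS-SNI challenge names (which end in `.acme.invalid`) from ordinary ones. The names `sniLog`, `wrap` and `counts` are hypothetical, the stub stands in for `(*autocert.Manager).GetCertificate`, and the hellos in `main` are constructed.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
	"sync"
)

type getCert = func(*tls.ClientHelloInfo) (*tls.Certificate, error)

// sniLog records the server name of every ClientHello the listener receives.
type sniLog struct {
	mu        sync.Mutex
	challenge []string // TLS-SNI validation attempts (*.acme.invalid)
	other     []string // everything else
}

// wrap returns a GetCertificate callback that records the hello, then
// delegates to next (in a real app: the autocert manager's GetCertificate).
func (l *sniLog) wrap(next getCert) getCert {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		entry := hello.ServerName
		if hello.Conn != nil { // nil only for the constructed hellos below
			entry += " from " + hello.Conn.RemoteAddr().String()
		}
		l.mu.Lock()
		if strings.HasSuffix(strings.ToLower(hello.ServerName), ".acme.invalid") {
			l.challenge = append(l.challenge, entry)
		} else {
			l.other = append(l.other, entry)
		}
		l.mu.Unlock()
		return next(hello)
	}
}

// counts reports how many challenge and non-challenge hellos were seen.
func (l *sniLog) counts() (challenge, other int) {
	l.mu.Lock()
	defer l.mu.Unlock()
	return len(l.challenge), len(l.other)
}

func main() {
	seen := &sniLog{}
	stub := func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return &tls.Certificate{}, nil }
	get := seen.wrap(stub) // assign to tls.Config.GetCertificate in a real server
	for _, name := range []string{"example.test", "aaaa.bbbb.acme.invalid"} { // constructed
		get(&tls.ClientHelloInfo{ServerName: name})
	}
	c, o := seen.counts()
	fmt.Printf("challenge hellos: %d, other hellos: %d\n", c, o)
}
```

A challenge count that stays at zero after the client has accepted the challenge means no validation connection reached this listener, which narrows the problem to name resolution or routing rather than the TLS handshake.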