Let's Encrypt client user-agent problem

i deploy a .net core client for my bussiness, today i received email

Action is strongly recommended to prevent problems with your Let's Encrypt
certificate renewals.

A client you have used to access the Let's Encrypt API in the past 60 days has
identified itself (its "user agent") as "Go-http-client". This is a generic
name for the underlying library that the client uses, which does not give us
enough information to track and resolve problems with the client or clients.

This mean, i must set user-agent for http client without set default, but have any rule for user-agent name ?

Thanks

Are you sure your .NET Core client identifies itself as “Go-http-client”? Perhaps double check if you have a Go-based ACME client as well?

RFC8555 (ACME) specifies:

ACME clients MUST send a User-Agent header field, in accordance with [RFC7231]. This header field SHOULD include the name and version of the ACME software in addition to the name and version of the underlying HTTP client software.

and then the HTTP spec goes on to define a syntax:

User-Agent = product *( RWS ( product / comment ) )
product         = token ["/" product-version]
product-version = token

My own ACME client:

eggsampler-acme/1.0 Go-http-client/1.1 fleetssl-cpanel/0.15.2

Certbot sends a very detailed one:

CertbotACMEClient/0.34.2 (certbot-auto; Ubuntu 19.04) Authenticator/XXX Installer/YYY (SUBCOMMAND; flags: FLAGS) Py/2.7.16

acme.sh sends:

acme.sh/2.8.2 (https://github.com/Neilpang/acme.sh)

I think as long as you include the name, version, and optionally a URL/contact address in the comment, you should be fine.

2 Likes