Regarding the new
account-uri implementation for CAA records ACME-CAA “validation-methods” support I don’t know what is the right uri we should use to validate our account.
If we check our reg file:
We will see an uri field for our account, something like this:
So I created a CAA record
0 issue "letsencrypt.org\; account-uri=https://acme-staging-v02.api.letsencrypt.org/acme/acct/abcdefg"
and tried it but I got this error:
Failed authorization procedure. sub.domain.tld (dns-01): urn:ietf:params:acme:error:caa :: CAA record for sub.domain.tld prevents issuance
If we check boulder code for
accountURIPrefixes https://github.com/letsencrypt/boulder/search?q=accountURIPrefixes&unscoped_q=accountURIPrefixes we see a couple of examples for uri prefixes:
So I tried:
https://acme-staging-v02.api.letsencrypt.org/acme/acct/abcdefg https://acme-staging-v02.api.letsencrypt.org/acct/reg/abcdefg https://letsencrypt.org/acct/reg/abcdefg
But the only one that works is:
0 issue "letsencrypt.org\; account-uri=https://acme-staging-v02.api.letsencrypt.org/acme/reg/abcdefg"
And that is the format for uri in api version 01 (
acme/reg) instead of the format in new api version 02 (
acme/acct) so for me it is a bit confuse .
https://acme-staging-v02.api.letsencrypt.org/acme/reg/abcdefg the right uri to use in
account-uri param (I suppose it is because it works but…)?.
2.- Would this change in a future to
Thank you in advance.