Bug #3453

Let's Encrypt: staging request always fails

Added by Giacomo Sanchietti 8 months ago. Updated 8 months ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-base
Target version:v6.10
Security class: Resolution:
Affected version:v6.10 NEEDINFO:No

Description

Let's Encrypt has planned EOL for ACMEv1 protocol, see https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430

The staging API for ACMEv1 are already in EOL, as consequence the procedure described in the manual (https://docs.nethserver.org/en/v6/base_system.html#test-certificate-creation) is not functional.

Requested changes:

- import new deydrated RPM from epel: http://download-ib01.fedoraproject.org/pub/epel/6/i386/Packages/d/dehydrated-0.6.5-1.el6.noarch.rpm
- update letsencrypt-certs script to use ACMEv2

--
Thanks to nrauso

History

#1 Updated by Giacomo Sanchietti 8 months ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti 8 months ago

  • Status changed from TRIAGED to ON_DEV
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti 8 months ago

  • Category set to nethserver-base
  • Assignee set to Giacomo Sanchietti

#4 Updated by Giacomo Sanchietti 8 months ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#5 Updated by Giacomo Sanchietti 8 months ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70

In nethserver-testing:
- nethserver-letsencrypt-1.0.5-1.1.g480b1dc.ns6.noarch.rpm
- dehydrated-0.6.5-1.el6.noarch.rpm

Test case 1
- Verify that the staging requests work correctly

Test case 2
- Verify that the non-staging requests work correctly

Test case 3
- Verify a certificate obtained with ACMEv1 can be renewed after the update

#6 Updated by Nicola Rauso 8 months ago

  • Assignee set to Nicola Rauso

#7 Updated by Nicola Rauso 8 months ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Nicola Rauso)
  • % Done changed from 70 to 90

Tested: OK

Everything works flawlessly in all the three test cases

#8 Updated by Giacomo Sanchietti 8 months ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

Release:
- nethserver-letsencrypt-1.0.6-1.ns6.noarch.rpm
- dehydrated-0.6.5-1.el6.noarch.rpm

Also available in: Atom PDF