
Add "dns-account-01" support from draft-ietf-acme-scoped-dns-challenges

Open sheurich opened this issue 4 months ago • 2 comments

This change implements the dns-account-01 ACME challenge as specified in draft-ietf-acme-scoped-dns-challenges.

The relevant validation label computation is:

"_" || base32(SHA-256(<ACCOUNT_RESOURCE_URL>)[0:10]) || "._acme-" || <SCOPE> || "-challenge"

where SCOPE is one of { host, wildcard }. A SCOPE of { domain } is unimplemented.

This implementation is interoperable with the https://github.com/eggsampler/acme changes in https://github.com/eggsampler/acme/pull/21 and passes the TestWildcardDNSAccount test.

This change also supplies a cursory integration test in https://github.com/fastly/pebble/commit/253e097e0b3c40fd55da39f0648236104f8fdb8e ("add eggsampler/acme tests"). The test is run in a similar manner to Boulder:

./t.sh

Solves https://github.com/letsencrypt/pebble/issues/425.

sheurich avatar Feb 21 '24 12:02 sheurich