pebble
Add "dns-account-01" support from draft-ietf-acme-scoped-dns-challenges
This change implements the dns-account-01 ACME challenge as specified in draft-ietf-acme-scoped-dns-challenges.
The relevant validation label computation is:
"_" || base32(SHA-256(<ACCOUNT_RESOURCE_URL>)[0:10]) || "._acme-" || <SCOPE> || "-challenge"
where SCOPE is one of { host, wildcard }. A SCOPE of { domain } is unimplemented.
This implementation is interoperable with the https://github.com/eggsampler/acme changes in https://github.com/eggsampler/acme/pull/21 and passes the TestWildcardDNSAccount test.
This change also supplies a cursory integration test in https://github.com/fastly/pebble/commit/253e097e0b3c40fd55da39f0648236104f8fdb8e ("add eggsampler/acme tests"). The test is run in a similar manner to Boulder:
./t.sh
Solves https://github.com/letsencrypt/pebble/issues/425.
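
The label computation quoted above, worked through in Go as an added example; it is not code from this pull request or from Pebble. The names `ValidationLabel` and `ErrUnsupportedScope`, the account URLs under `example.test`, and the lower-casing of the base32 output are assumptions of this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/base32"
	"errors"
	"fmt"
	"strings"
)

// Scopes the description lists as implemented; "domain" is stated to be unimplemented.
var implementedScopes = map[string]bool{"host": true, "wildcard": true}

// ErrUnsupportedScope is a hypothetical error name used only in this example.
var ErrUnsupportedScope = errors.New("unsupported dns-account-01 scope")

// ValidationLabel builds
//   "_" || base32(SHA-256(accountURL)[0:10]) || "._acme-" || scope || "-challenge"
// The result is the prefix placed in front of the name being validated.
func ValidationLabel(accountURL, scope string) (string, error) {
	if !implementedScopes[scope] {
		return "", fmt.Errorf("%w: %q", ErrUnsupportedScope, scope)
	}
	sum := sha256.Sum256([]byte(accountURL))
	// 10 bytes are 80 bits, which is exactly 16 base32 characters: no "=" padding.
	enc := base32.StdEncoding.EncodeToString(sum[0:10])
	// Assumption: lower-cased for readability; DNS names compare case-insensitively.
	return "_" + strings.ToLower(enc) + "._acme-" + scope + "-challenge", nil
}

func main() {
	// Constructed account URLs, not real ACME accounts.
	accounts := []string{
		"https://example.test/acme/acct/1",
		"https://example.test/acme/acct/2",
	}
	for _, acct := range accounts {
		for _, scope := range []string{"host", "wildcard", "domain"} {
			label, err := ValidationLabel(acct, scope)
			if err != nil {
				fmt.Printf("%s scope=%s -> %v\n", acct, scope, err)
				continue
			}
			fmt.Printf("%s scope=%s -> %s\n", acct, scope, label)
		}
	}
}
```

Because the hash input is the account resource URL, two accounts validating the same name get different labels, and the scope suffix keeps host and wildcard records apart.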