glatzert / ACME-Server-ADCS

ACME (RFC 8555) Server compatible implementation, connecting to Active Directory Certificate Services (ADCS)

Downloading Certificate Format #3

Closed dimatha closed 2 years ago

dimatha commented 2 years ago

Hello @glatzert ! Thanks for the great work!

I've tried this project today and it seems like I managed to get it going, but when downloading the certificate at the last stage ("POST /order/B-GwLBdUqUGIoHSntp-1Qw/certificate"), the certificate chain is not in PEM format. I don't have that much experience with Microsoft/C#. Am I missing something?

The content type is set right ("Content-Type: application/pem-certificate-chain"). I believe that's where the conversion should happen: https://github.com/glatzert/ACME-Server-ACDS/blob/862a12fd95a0c68f818844cfccb19ec5620f0aed/src/ACME.CertProvider.ACDS/CertificateIssuer.cs#L36

I'm using certbot as a test client. https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html#rfc.section.9.1

Response:

image

Thank you in advance

dimatha commented 2 years ago

I've implemented a workaround for now. Now the priority is to get the new-account working with the cert-manager not using KID.

glatzert commented 2 years ago

Sorry for not answering. I rewrote the code, so it'll work in the next release and provide a proper certificate(-chain).

dimatha commented 2 years ago

No worries! Thanks for your feedback. I was just wondering if I’m missing something, as it is mentioned in the documentation that it is supposed to work with certbot. But the logic wasn’t in the code. We also had to implement the new-account logic using JWK instead of using KID to get it going with the cert-manager.

glatzert commented 2 years ago

Well, the product is not production ready, since I only recently started testing with clients. Nevertheless, would you be so kind and contact me via my email?
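A client-side check for the symptom reported in this thread, as an added example that is not code from this project or from any commenter: it verifies that a body served as `application/pem-certificate-chain` really is a chain of RFC 7468 PEM blocks with no explanatory text, and shows the DER-to-PEM wrapping a server has to perform. The function names are hypothetical and the two byte strings are constructed DER-shaped placeholders, not real certificates.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_to_pem(der: bytes) -> str:
    """Wrap one DER certificate as a PEM block with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"

def to_pem_chain(ders) -> str:
    """Concatenate PEM blocks in the order given."""
    return "".join(der_to_pem(d) for d in ders)

def parse_pem_chain(body: bytes) -> list:
    """Return the DER certificates in a PEM chain; raise ValueError if it is not one."""
    try:
        lines = body.decode("ascii").splitlines()
    except UnicodeDecodeError:
        raise ValueError("body is binary, not PEM text (raw DER or PKCS#7?)")
    certs, i = [], 0
    while i < len(lines):
        if lines[i] == "":                      # tolerate blank lines between blocks
            i += 1
            continue
        if lines[i] != BEGIN:                   # anything else is explanatory text
            raise ValueError(f"line {i + 1}: expected {BEGIN}")
        try:
            end = lines.index(END, i + 1)
        except ValueError:
            raise ValueError("missing END CERTIFICATE line")
        b64 = lines[i + 1:end]
        if not b64 or any(len(l) != 64 for l in b64[:-1]) or len(b64[-1]) > 64:
            raise ValueError("base64 body is not wrapped at 64 characters")
        der = base64.b64decode("".join(b64), validate=True)  # raises ValueError subclass
        if der[:1] != b"\x30":                  # a certificate is a DER SEQUENCE
            raise ValueError("decoded block does not start with a DER SEQUENCE")
        certs.append(der)
        i = end + 1
    if not certs:
        raise ValueError("no certificates in body")
    return certs

# Constructed placeholders with a valid outer SEQUENCE header, not real certificates.
LEAF = b"\x30\x82\x01\x00" + bytes(range(256))
ISSUER = b"\x30\x03\x02\x01\x05"
```

Running `parse_pem_chain` on the raw response body of the certificate download tells a tester whether the server sent PEM or passed the CA's binary output through unchanged.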