doAcmeChallenge ignores alternate port no.

[bsutton]

For my dev environment I start the server on port 8080.

The call to doACMEChallenge is failing is it builds a URL without a port number with the result that it tries to connect on port 80 and fails.

[bsutton]

This seems to be happening in acme_client getHttpDcvData

  HttpDcvData getHttpDcvData() {
    var keyAuthorization = getKeyAuthorizationForChallenge(VALIDATION_HTTP);
    var token = keyAuthorization!.split('.').elementAt(0);
    return HttpDcvData(
      '${identifier!.value}/.well-known/acme-challenge/$token',
      keyAuthorization,
      getChallengeByType(VALIDATION_HTTP),
    );
  }

the identifier.value has the domain name but no port no.

[bsutton]

We see the following message logged before the call is made (and fails)

Self test challenge... {type: HTTP, fileName: squarephone.biz/.well-known/acme-challenge/ksPAAcFzl5CSUQNXwymuoLcZ0NEpsGTHK00Y5AFQXRs, fileContent: ksPAAcFzl5CSUQNXwymuoLcZ0NEpsGTHK00Y5AFQXRs.wZQeeUT1GoiIsb-N7YRgyTccyL7GBnF_QfeYc6w2rVc, challenge: Instance of 'Challenge'

[bsutton]

So I think the problem is here:

Future<bool> _selfChallengeTest(
      AcmeClient client, HttpDcvData challengeData) async {
    var url = challengeData.fileName;
    if (!url.startsWith('http:') && !url.startsWith('https:')) {
      final idx = url.indexOf(':/');
      if (idx >= 0) {
        final schema = url.substring(0, idx);
        var rest = url.substring(idx);
        rest = rest.replaceFirst(RegExp('^/+'), '');
        url = '$schema://${rest.replaceAll('//', '/')}';
      } else {
        final rest = url.replaceFirst(RegExp('^/+'), '');
        url = 'http://${rest.replaceAll('//', '/')}';
      }
    }

We are pre-pending HTTP:// but we ignore the need to add in the port.

[bsutton]

I will see if I can fix it.

[bsutton]

I have a fix for it, it does mean passing the httpPort around quite a bit.

[gmpassos]

The issue is only on shelf_letsencrypt?

[bsutton]

The bug was on shelf_letsenctypt, I've fixed it.

On Sat, 9 Dec 2023, 6:38 am Graciliano Monteiro Passos, < @.***> wrote:

The issue is only on shelf_letsencrypt?

— Reply to this email directly, view it on GitHub https://github.com/gmpassos/shelf_letsencrypt/issues/8#issuecomment-1847726534, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG32OAM3EHEWBCNIPNAYETYINUD5AVCNFSM6AAAAABAMPGHTGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNBXG4ZDMNJTGQ . You are receiving this because you authored the thread.Message ID: @.***>

[gmpassos]

Nice 👍

Since your PR includes a lot of improvements, I will take a few days to review all of the code and make adjustments on my machine.

Additionally, considering your significant contribution, please include your name and GitHub page in the "Author" section.

[bsutton]

Thank you, I will do that.

Fyi: in raising a pr to give the acme_client bug.

On Sat, 9 Dec 2023, 8:00 am Graciliano Monteiro Passos, < @.***> wrote:

Nice 👍

Since your PR includes a lot of improvements, I will take a few days to review all of the code and make adjustments on my machine.

Additionally, considering your significant contribution, please include your name and GitHub page in the "Author" section.

— Reply to this email directly, view it on GitHub https://github.com/gmpassos/shelf_letsencrypt/issues/8#issuecomment-1847837277, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG32OBTQ5NB7QJKJDHXXALYIN5WPAVCNFSM6AAAAABAMPGHTGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNBXHAZTOMRXG4 . You are receiving this because you authored the thread.Message ID: @.***>

[gmpassos]

...Also, I will need to test it in the staging environment of some internal projects that are using shelf_letsencrypt.

[bsutton]

Sound good, key me know if I've broken anything:)

On Sat, 9 Dec 2023, 8:02 am Graciliano Monteiro Passos, < @.***> wrote:

...Also, I will need to test it in the staging environment of some internal projects that are using shelf_letsencrypt.

— Reply to this email directly, view it on GitHub https://github.com/gmpassos/shelf_letsencrypt/issues/8#issuecomment-1847839698, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG32OCVHQPWAHURJ5OH643YIN577AVCNFSM6AAAAABAMPGHTGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNBXHAZTSNRZHA . You are receiving this because you authored the thread.Message ID: @.***>

[bsutton]

So this looks to be a bigger issue. Anywhere we do a call back to the local server the code is broken because it ignores the current port.

Worry the current api the porr isn't known until the users starts the server but we have a number methods that are valid independently of starting the server.

It kids to be like we need to move the port and bind address to the letsencrpt constructor.

This would be a breaking change but I think it's the right way to do it.

Thoughts?

[gmpassos]

The point is that LetsEncrypt should be able to handle multiple domains in the same address:port.

The custom port is only needed for the HTTP challenge? If it's true, it knows the listening port of the HTTP server that it started. (should be inserted in the HTTP URL only if it's different than 80).

[bsutton]

The point is that LetsEncrypt should be able to handle multiple domains in the same address:port. I don't believe that I've made any changes to inhibit this. Have you raised this due to a concern or problem?

The custom port is only needed for the HTTP challenge?

I had to make changes in two spots:

• _selfChallengeTest
• isDomainHttpsOk So the custom port details were required for both HTTP and https.

should be inserted in the HTTP URL only if it's different than 80). I've been a little lazy by always inserting the port. It's essentially invisible to the user and valid so I don't really see the issue. If you want I can make it conditional?

[gmpassos]

Make the changes. I don't think they will be backward incompatible.

[bsutton]

I think I've now made all the changes I'm going to, so go ahead and merge if you are happy with everything.

[gmpassos]

Do you want to make any new adjustment or wait some dependency fix/patch?

[bsutton]

I'm all done.

On Sat, Dec 16, 2023 at 7:33 AM Graciliano Monteiro Passos < @.***> wrote:

Do you want to make any new adjustment or wait some dependency fix/patch?

— Reply to this email directly, view it on GitHub https://github.com/gmpassos/shelf_letsencrypt/issues/8#issuecomment-1858453413, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG32OGJIEHJPI7BO4QLU2TYJSXYLAVCNFSM6AAAAABAMPGHTGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNJYGQ2TGNBRGM . You are receiving this because you authored the thread.Message ID: @.***>

[bsutton]

Fixed via: https://github.com/gmpassos/shelf_letsencrypt/pull/6