Open Xianic opened 4 years ago
/cc @FiloSottile @x1ddos
As per https://pkg.go.dev/golang.org/x/crypto/acme?tab=doc#Directory ,
// AuthzURL is used to initiate identifier pre-authorization flow.
// Empty string indicates the flow is unsupported by the CA.
Also, https://tools.ietf.org/html/rfc8555#section-7.1.1 clearly states that
If the ACME server does not implement pre-authorization (Section 7.4.1), it MUST omit the "newAuthz" field of the directory.
Guess, the check has to be added by application using acme library.
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
yes (latest version in use)
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
Using
golang.org/x/crypto/acme
(golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
ingo.mod
), I register an account with Lets Encrypt's staging v2 API and then call Client.Authorize(). This fails because Discover() returns a Directory withAuthzURL
set to the empty string indicating the pre-authorization flow is not supported by the CA.What did you expect to see?
Some form of
The CA does not implement pre-authorization flow
error message.What did you see instead?
An error returned with text
Post "": unsupported protocol scheme ""