schubergphilis / chef-acme

Chef cookbook to request SSL certificates at Let's Encrypt
Apache License 2.0

Can we enable the use of customized certificates for Pebble testing? #139

Closed jgao1025 closed 11 months ago

jgao1025 commented 11 months ago

Background

When I was trying to let the client talk to the Pebble server at https://pebble:14000/dir, it says no valid connection because Pebble is not a recognised CA server. I tried to add pebble.minica.pem to the system-wide store, but it is still not working. After a lot of testing, I finally found that I can add an ssl option to let ssl accept this CA file.

The relevant code is here

After I hard-coded the option like this, the requests passed. I can continue with the challenge.

    # connection_options is passed through to Faraday; ssl[:ca_file] makes
    # OpenSSL trust the Pebble test CA instead of the system store only.
    @client = Acme::Client.new(private_key: private_key, directory: directory,
                               connection_options: {
                                 :ssl => {
                                   :ca_file => '/usr/lib/ssl/certs/pebble.minica.pem',
                                   :ca_path => '/usr/lib/ssl/certs'
                                 }
                               })

Expected result

A new user attribute to allow developers to accept a customised root CA certificate.
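A worked example, added here and not part of the cookbook or this issue, of what such an attribute would need to do on the defending side: check that the configured CA file is a real, currently valid CA certificate before passing it as `ssl: { ca_file: ... }`, and show that a server certificate chained to that CA verifies against it but not against the system store. The attribute name `node['acme']['ca_file']` and the Pebble-style CA are assumptions; the PKI is constructed in-process.

```ruby
require 'openssl'
require 'tempfile'

# Validate a cookbook-supplied CA file (assumed attribute: node['acme']['ca_file'])
# before handing it to acme-client as connection_options[:ssl][:ca_file].
def custom_ca_connection_options(ca_file)
  raise ArgumentError, "CA file not found: #{ca_file}" unless File.file?(ca_file)
  cert = OpenSSL::X509::Certificate.new(File.read(ca_file))
  now = Time.now
  raise ArgumentError, 'CA certificate not currently valid' if now < cert.not_before || now > cert.not_after
  bc = cert.extensions.find { |e| e.oid == 'basicConstraints' }
  raise ArgumentError, 'not a CA certificate (basicConstraints CA:TRUE missing)' unless bc && bc.value.include?('CA:TRUE')
  { ssl: { ca_file: ca_file } }
end

# What ssl[:ca_file] makes OpenSSL do: verify the server chain against that single anchor.
def chain_trusted?(ca_file, server_cert_pem)
  store = OpenSSL::X509::Store.new
  store.add_file(ca_file)
  store.verify(OpenSSL::X509::Certificate.new(server_cert_pem))
end

# Constructed test PKI standing in for Pebble's minica CA and its server cert.
def make_cert(subject, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

def pebble_demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('/CN=Pebble minica (constructed)', ca_key, ca: true)
  srv = make_cert('/CN=pebble', OpenSSL::PKey::RSA.new(2048), issuer: ca, issuer_key: ca_key)
  pem = Tempfile.new(['pebble.minica', '.pem'])
  pem.write(ca.to_pem); pem.flush
  { options: custom_ca_connection_options(pem.path),
    trusted_with_ca_file: chain_trusted?(pem.path, srv.to_pem),
    trusted_by_system_store: OpenSSL::X509::Store.new.tap(&:set_default_paths).verify(srv) }
end
```

Running `pebble_demo` shows the server certificate trusted only through the explicit CA file, which is exactly the difference the issue describes between the system store and the hard-coded `ca_file` option.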

thoutenbos commented 11 months ago

Hey @jgao1025,

It seems you are using this cookbook against a local/internal Pebble server? Although with some small changes it should probably work (such as the CA etc.), I must say the cookbook has been developed and tested to work against the servers from Let's Encrypt. Hope this helps!

Br, Thijs

jgao1025 commented 11 months ago

@thoutenbos Ohhh, yes. Thanks. I see. My Pebble server is running in a Docker container and it is in the pebble network. The cookbook is running in another container in the Docker default network. I used `docker network connect pebble_acmenet <container>` to connect those containers together. That's why I got numerous issues when I tried to set up a testing infra.