search

smallstep / certificates

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
https://smallstep.com/certificates
Apache License 2.0
6.57k stars 428 forks source link

ACME client crash while unable to find meta.TermsOfService in directory #136

Closed mmaridev closed 4 years ago

mmaridev commented 4 years ago

Subject of the issue

The ACME client built-in in Proxmox wants to display the terms of service you have to accept while registering. Since he's unable to find the variable in the json, the client simply crashes.

Your environment

Steps to reproduce

Expected behaviour

Registration works fine

Actual behaviour

Registration fails cause unable to find the tos link

Additional context

I guess their ACME has been thought just to work with let's encrypt's boulder, which has this field... https://acme-v02.api.letsencrypt.org/directory

mmaridev commented 4 years ago

https://tools.ietf.org/html/rfc8555#section-9.7.6

mmalone commented 4 years ago

Hey @mmaridev, thanks for the report.

According to RFC8555 § 7.1.1 the termsOfService URL is an optional metadata field. Since step-ca is a private CA, terms of service don't make much sense -- I'm not sure what we'd put in that field. So I think this is a Proxmox bug. I think our best bet is to try to get it fixed with them.

If you open a bug on their side feel free to cross-link it here and I'd be happy to help you argue our case over there.

mmaridev commented 4 years ago

https://bugzilla.proxmox.com/show_bug.cgi?id=2462

mmaridev commented 4 years ago

This has been upstream fixed, opening a new issue.