stonemax / acme2

Another PHP client for the ACME protocol (version 2), used for generating Let's Encrypt's free SSL certificates.
MIT License
48 stars, 27 forks

Stuck when Lets Encrypt verification fails #25

Closed hayleyxyz closed 7 months ago

hayleyxyz commented 6 years ago

I've been using this package for a project at work, and I've noticed a number of issues:

  1. When local verification works, but Let's Encrypt's fails (this happened with me due to the firewall allowing my connection, but blocking LE's), the order and the challenge objects get stuck in an "invalid" status.

    Any subsequent calls to getOrder() without clearing the order cache (specifying renewal = true may also fix it), will return the same order with the "invalid" status, and getPendingChallenges() will not return the invalid challenges either. This means you are practically unable to ever complete the order.

    I fixed this in my forked copy by adding a new method: OrderService::clearCachedOrderInfo(), which I call if($order->status === 'invalid'). Though this can probably be done another way by making the getPendingChallenges() also return 'invalid' status challenges so they can be re-attempted (if they can; untested).

  2. The infinite loops were also a problem for me. I am writing a program that needs to provision and periodically renew TLS certs for 2,500+ websites; having it hang because of a single validation failure is unacceptable. I'd rather it throw an exception so that I can manually intervene.

    I fixed this by adding an AuthorizationService::$timeout property, set to a default of 10 seconds. All while() loops will throw an exception after that timeout.

  3. Let's Encrypt has a "Failed Validation limit of 5 failures per account, per hostname, per hour.", so I added a new LocalVerificationFailedException, I can now determine the difference between local verification (which doesn't count towards this limit), and remote verification failures. My program needs to determine the difference between the two so it can keep a note of when it's near the limit.

I haven't put up a PR yet as I'm still working with the package, and will likely make further modifications. However, if there haven't been any fixes by the time I'm done, I will submit one for each issue.
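The three changes described in the comment above (a bounded polling loop that throws instead of hanging, a distinct exception for local versus remote verification failures, and tracking of remote failures against Let's Encrypt's 5-per-hostname-per-hour limit) can be sketched in a few dozen lines. The following is an added illustration, not code from stonemax/acme2 or from the commenter's fork; every class and function name in it (pollWithTimeout, FailedValidationBudget, verifyChallenge, the exception classes) is hypothetical, and the $localCheck/$remoteStatus callables stand in for whatever HTTP/DNS probe and ACME status lookup a real client performs.

```php
<?php
declare(strict_types=1);

// Constructed example; none of these names exist in stonemax/acme2.
class VerificationTimeoutException extends RuntimeException {}
class LocalVerificationFailedException extends RuntimeException {}
class RemoteVerificationFailedException extends RuntimeException {}

// Poll $check until it returns true or the deadline passes.
// Replaces an unbounded while(true) loop with one that fails loudly.
function pollWithTimeout(callable $check, int $timeoutSeconds, int $intervalSeconds = 1): void
{
    $deadline = time() + $timeoutSeconds;
    while (!$check()) {
        if (time() >= $deadline) {
            throw new VerificationTimeoutException("Validation did not finish within {$timeoutSeconds}s");
        }
        sleep($intervalSeconds);
    }
}

// Counts remote (CA-side) validation failures per hostname in a sliding one-hour
// window so the caller can stop before hitting the limit of 5 failures per
// account, per hostname, per hour. Local pre-checks are never recorded here.
final class FailedValidationBudget
{
    private const LIMIT  = 5;
    private const WINDOW = 3600;
    /** @var array<string, int[]> hostname => unix timestamps of remote failures */
    private array $failures = [];

    public function record(string $hostname, ?int $now = null): void
    {
        $this->failures[$hostname][] = $now ?? time();
    }

    public function remaining(string $hostname, ?int $now = null): int
    {
        $now ??= time();
        $recent = array_values(array_filter(
            $this->failures[$hostname] ?? [],
            fn (int $t): bool => $t > $now - self::WINDOW
        ));
        $this->failures[$hostname] = $recent;
        return max(0, self::LIMIT - count($recent));
    }
}

// Run our own check first; only if it passes do we ask the CA, and only CA
// rejections are charged against the budget. Each failure mode has its own
// exception so the caller can react differently to each.
function verifyChallenge(
    string $hostname,
    callable $localCheck,   // bool: our own probe of the challenge resource
    callable $remoteStatus, // 'pending' | 'valid' | 'invalid' as reported by the CA
    FailedValidationBudget $budget,
    int $timeoutSeconds = 10
): void {
    if (!$localCheck()) {
        throw new LocalVerificationFailedException("Local check failed for {$hostname}; fix it before contacting the CA");
    }
    if ($budget->remaining($hostname) === 0) {
        throw new RemoteVerificationFailedException("Failed-validation budget exhausted for {$hostname}; wait for the window to pass");
    }

    $status = 'pending';
    pollWithTimeout(function () use ($remoteStatus, &$status): bool {
        $status = $remoteStatus();
        return $status !== 'pending';
    }, $timeoutSeconds);

    if ($status === 'invalid') {
        $budget->record($hostname);
        $left = $budget->remaining($hostname);
        // An invalid order cannot be resumed; the caller must drop any cached
        // order and create a fresh one rather than retry this challenge object.
        throw new RemoteVerificationFailedException("CA rejected the challenge for {$hostname}; {$left} attempts left this hour");
    }
}

// Simulated run: local probe succeeds, CA reports 'pending' once and then 'invalid'.
$budget  = new FailedValidationBudget();
$replies = ['pending', 'invalid'];
try {
    verifyChallenge('example.test', fn (): bool => true, fn (): string => array_shift($replies), $budget, 5);
} catch (RemoteVerificationFailedException $e) {
    echo $e->getMessage(), PHP_EOL;  // ... 4 attempts left this hour
}
```

The point of the split is operational: a timeout and a local failure both mean "retry is free", while a remote rejection consumes one of the five hourly attempts and, because the order is now invalid, also requires clearing any cached order before the next try.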

halkyon commented 6 years ago

FYI, had a similar issue with point 2 as well, PR here: https://github.com/stonemax/acme2/pull/24

TerraSkye commented 5 years ago

Is there any chance that PR #24 can be merged? The infinite waiting is causing issues as it stands now.

McJoppy commented 5 years ago

The project isn't really maintained. Is anyone willing to maintain a fork?

Everyone who is finding the project seems to run on their own fork and stumble across the same issues with similar solutions.

Would be nice to not have to mix and match commits from the various branches :)

TerraSkye commented 5 years ago

@McJoppy, take a look at https://github.com/afosto/yalec; we wrote an updated version of the package, with some known issues from this package fixed.

McJoppy commented 5 years ago

@TerraSkye a really quick look and it doesn't seem to currently handle DNS authorisation

stonemax commented 5 years ago

Sorry to all!

I've been so busy in the last year that I didn't have enough time to maintain this project. I've released a new version (1.0.3) to fix this issue; you might be interested, @yui-konnu. I'll still maintain this project, @McJoppy. If I can't maintain it one day, I will post a notice to inform everyone, but I hope this will never happen.