unixcharles / acme-client

A Ruby client for the Let's Encrypt ACME protocol.
MIT License

How can acme-client work with pebble? #229

Closed jgao1025 closed 1 year ago

jgao1025 commented 1 year ago

Hi,

I want to use pebble to test the flow, and the directory is https://pebble:14000/dir. However, I always get the error below:

pebble-pebble-1        | 2023/10/04 01:39:29 http: TLS handshake error from 10.30.50.4:53746: remote error: tls: unknown certificate authority

It seems that the client didn't accept pebble as a valid CA. I tried copying the .pem file to /etc/ssl/certs, and after that I can also run curl https://pebble:14000/dir without error, but I still get the same error when I try to use acme-client.

To be more specific, I used a cookbook called acme, and it fails at the line below.

acme_client.new_account(contact: contact, terms_of_service_agreed: true)

Does anyone know how to solve this problem?

Thanks very much.

unixcharles commented 1 year ago

Pebble should work, that's how I do most of the development of this gem.

If you refer to Faraday, the underlying HTTP client, it explains how to set up your own certificate chain:

https://github.com/lostisland/faraday/wiki/Setting-up-SSL-certificates

Exporting the file path to SSL_CERT_FILE as an environment variable is probably the easiest way.