unixcharles / acme-client

A Ruby client for the letsencrypt's ACME protocol.
MIT License

acme-client fails when request google acme. #232

Closed jimages closed 10 months ago

jimages commented 10 months ago
`nonces': undefined method `nonces' for nil:NilClass (NoMethodError)

      client.nonces
            ^^^^^^^
    from /Users/zack/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/acme-client-2.0.15/lib/acme/client/http_client.rb:143:in `store_nonce'
    from /Users/zack/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/acme-client-2.0.15/lib/acme/client/http_client.rb:82:in `on_complete'

Reason:

The response of https://acme-staging-v02.api.letsencrypt.org/directory comes without a Replay-Nonce header, however https://dv.acme-v02.test-api.pki.goog/directory does, which makes store_nonce fail.

Example:

You don't need to obtain a real EAB.


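```ruby
require 'openssl'
require 'acme-client'

# Account key read from disk; the client is pointed at the Google test directory.
private_key = OpenSSL::PKey::RSA.new File.read 'private_key.pem'
client = Acme::Client.new(private_key: private_key, directory: 'https://dv.acme-v02.test-api.pki.goog/directory')

# Placeholder EAB values are passed here.
account = client.new_account(contact: 'mailto:zack@example.com',
                             terms_of_service_agreed: true,
                             external_account_binding:
                              { kid: 'xxxx',
                                hmac_key: 'xxxx' })
```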
unixcharles commented 10 months ago

Thanks for reporting. I was able to reproduce.

You could patch an `if nil` in there just to skip the failure for now, but I will publish a fix soon. The Directory object was not designed to have access to the client in that context, so I will need to do a little bit of refactoring to fix it cleanly.
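
The failure discussed in this thread, reduced to an added Ruby example that is neither acme-client code nor the maintainer's fix: a response hook that stores `Replay-Nonce` values, run over a directory response with and without the header, first unguarded and then with a nil check. `NonceHook`, `FakeClient`, `run_hook` and the sample headers are hypothetical, constructed stand-ins.

```ruby
# Added illustration. NonceHook and FakeClient are constructed stand-ins,
# not classes from acme-client; the header values are constructed samples.
FakeClient = Struct.new(:nonces)

class NonceHook
  def initialize(client:, guard:)
    @client = client # nil models a request made with no client attached
    @guard = guard   # true enables the nil check
  end

  # Runs once per completed response, in the role of the
  # on_complete/store_nonce frames shown in the backtrace.
  def on_complete(headers)
    # HTTP header names are case-insensitive, so match them that way.
    nonce = headers.find { |name, _| name.casecmp?('replay-nonce') }&.last
    return :no_nonce if nonce.nil?
    return :skipped if @guard && @client.nil?

    @client.nonces << nonce # NoMethodError when @client is nil
    :stored
  end
end

# Constructed directory responses: one without the header, one with it.
DIRECTORY_WITHOUT_NONCE = { 'Content-Type' => 'application/json' }.freeze
DIRECTORY_WITH_NONCE = { 'Content-Type' => 'application/json',
                         'Replay-Nonce' => 'constructed-nonce-1' }.freeze

# Returns the hook's result, or :crashed when the unguarded path raises.
def run_hook(client:, guard:, headers:)
  NonceHook.new(client: client, guard: guard).on_complete(headers)
rescue NoMethodError
  :crashed
end

if __FILE__ == $PROGRAM_NAME
  [false, true].each do |guard|
    [DIRECTORY_WITHOUT_NONCE, DIRECTORY_WITH_NONCE].each do |headers|
      result = run_hook(client: nil, guard: guard, headers: headers)
      puts "guard=#{guard} nonce_header=#{headers.key?('Replay-Nonce')} -> #{result}"
    end
  end
end
```

With the guard, a nonce that arrives while no client is attached is discarded rather than stored, so it is not available for a later signed request.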