I have run into a problem that seems similar to yours. I'm still
debugging it (or rather trying to find the time to do so), but I believe
the problem is that acme-client does not correctly handle the "pending"
status: it is handled as "valid". As a result, the challenge file is
removed before the acme server could verify it.
In my case, disabling the code that removes the challenge file (see diff
below) improves the chance of success. Perhaps that's helpful to you too
as a temporary workaround.
Index: chngproc.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/chngproc.c,v
retrieving revision 1.12
diff -p -u -r1.12 chngproc.c
--- chngproc.c 24 Jan 2017 13:32:55 -0000 1.12
+++ chngproc.c 25 May 2018 21:10:39 -0000
@@ -139,8 +139,10 @@ out:
if (fd != -1)
close(fd);
for (i = 0; i < fsz; i++) {
+#if 0
if (unlink(fs[i]) == -1 && errno != ENOENT)
warn("%s", fs[i]);
+
No comments:
Post a Comment