Tags: go, ssl, ssl-certificate, lets-encrypt, acme

Golang ACMEv2 HTTP-01 challenge not challenging server


With this code I am attempting a manual HTTP-01 challenge to better understand how the process works. All the requests return 201/200 responses with the expected bodies, and I am able to successfully create the challenge.

The ACME server never seems to challenge the HTTP server, however. I get a successful return when POSTing to the challenge URL:

2022/07/17 13:49:28 challenge response {
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/PVI-4A",
  "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
}

However when polling the authorization status I can see that it stays pending:

2022/07/17 13:49:43 authorization response {
  "identifier": {
    "type": "dns",
    "value": "billabull.com"
  },
  "status": "pending",
  "expires": "2022-07-24T13:49:27Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/PVI-4A",
      "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/uHeVHQ",
      "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3039193714/RomB0g",
      "token": "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM"
    }
  ]
}

Currently I poll for 2 minutes (with the server available) before timing out, so I feel that it should reasonably happen within that time frame.

I have also tested that the HTTP server is made available on port 80 from the domain billabull.com, and making a GET request to the challenge path does return the correct key authorization. However, the ACME server is never making a request to the server to begin with.

Does anyone know why the ACME server might not be challenging my server?


Solution

  • I had to use a body of []byte("{}") rather than []byte{} for the challenge endpoint.

    Edit: For some reason this endpoint doesn't error out, but others will if you pass an incorrect body.
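The distinction behind that fix, as an added example that is not the asker's code: RFC 8555 section 6.3 defines a POST-as-GET as a JWS whose payload is the empty string, and section 7.5.1 says a client asks the server to begin validating a challenge by POSTing the JSON object `{}`. An empty slice therefore base64url-encodes to "" and reads to the CA as "fetch the challenge object" (which is why it answers 200 and stays pending), while `{}` encodes to "e30" and triggers validation. The code below builds both JWS forms, computes the key authorization (token "." RFC 7638 thumbprint of the account key) and serves it from the well-known path with an in-process self-check. The account key, `kid`, nonce and URLs are constructed placeholders; only the token is taken from the question.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
)

var b64 = base64.RawURLEncoding // ACME uses base64url without padding

// newAccountKey creates the ES256 (P-256) account key the examples sign with (constructed, not a real account).
func newAccountKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// jwkThumbprint implements RFC 7638 for a P-256 key: required JWK members in
// lexicographic order, no whitespace, hashed with SHA-256.
func jwkThumbprint(pub *ecdsa.PublicKey) string {
	x, y := make([]byte, 32), make([]byte, 32)
	pub.X.FillBytes(x)
	pub.Y.FillBytes(y)
	jwk := fmt.Sprintf(`{"crv":"P-256","kty":"EC","x":"%s","y":"%s"}`, b64.EncodeToString(x), b64.EncodeToString(y))
	sum := sha256.Sum256([]byte(jwk))
	return b64.EncodeToString(sum[:])
}

// keyAuthorization is the exact body an HTTP-01 responder must serve (RFC 8555 section 8.1).
func keyAuthorization(token string, pub *ecdsa.PublicKey) string {
	return token + "." + jwkThumbprint(pub)
}

// signACME wraps payload in the flattened JWS every ACME POST carries. The encoded
// payload tells the server which request this is:
//   []byte("{}")     -> "e30": respond to challenge, starts validation (section 7.5.1)
//   nil or []byte{}  -> "":    POST-as-GET, only fetches the resource (section 6.3)
func signACME(key *ecdsa.PrivateKey, kid, nonce, url string, payload []byte) (map[string]string, error) {
	hdr, err := json.Marshal(map[string]string{"alg": "ES256", "kid": kid, "nonce": nonce, "url": url})
	if err != nil {
		return nil, err
	}
	protected, body := b64.EncodeToString(hdr), b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(protected + "." + body))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return nil, err
	}
	sig := make([]byte, 64) // ES256 signature is r||s, each left-padded to 32 bytes
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return map[string]string{"protected": protected, "payload": body, "signature": b64.EncodeToString(sig)}, nil
}

// verifyACME is the server-side check of a JWS built by signACME.
func verifyACME(pub *ecdsa.PublicKey, jws map[string]string) bool {
	sig, err := b64.DecodeString(jws["signature"])
	if err != nil || len(sig) != 64 {
		return false
	}
	digest := sha256.Sum256([]byte(jws["protected"] + "." + jws["payload"]))
	return ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:]))
}

// challengeHandler answers GET /.well-known/acme-challenge/<token> with the key
// authorization and nothing else; every other path is a 404.
func challengeHandler(token, keyAuth string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet || r.URL.Path != "/.well-known/acme-challenge/"+token {
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Content-Type", "application/octet-stream")
		_, _ = w.Write([]byte(keyAuth))
	})
}

// probeChallenge replays a request against the handler in-process, the pre-flight
// self-check to run before asking the CA to validate.
func probeChallenge(h http.Handler, path string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, rec.Body.String()
}

func main() {
	key, err := newAccountKey()
	if err != nil {
		panic(err)
	}
	token := "yoevDKY_bARdM5uHmVsk3s5lPK8BsBWC-SfmRN8MkLM" // token from the question
	ka := keyAuthorization(token, &key.PublicKey)
	const kid, nonce, url = "https://acme.example/acct/1", "nonce-placeholder", "https://acme.example/chall/1" // placeholders
	ready, _ := signACME(key, kid, nonce, url, []byte("{}"))
	fetch, _ := signACME(key, kid, nonce, url, []byte{})
	fmt.Printf("key authorization: %s\npayload with {}: %q\npayload with empty slice: %q\n", ka, ready["payload"], fetch["payload"])
	code, body := probeChallenge(challengeHandler(token, ka), "/.well-known/acme-challenge/"+token)
	fmt.Println("self-check:", code, body == ka)
}
```

Running `probeChallenge` (or a real GET from outside the network, as the asker did) only proves the responder is reachable; it cannot reveal that the request to the challenge URL was a POST-as-GET, so also log the encoded `payload` field of the JWS you send and expect "e30" rather than "".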