Skip to main content
Community
How to enable Javascript
Sign Up
Login
Community
Community
Buypass Company Site
Home
Profile
Andriy Mahats
official rep
Andriy_Mahats
Joined
Thu Nov 15 08:54:09 UTC 2018
67
posts
10
likes received
1
followers
Latest Posts
Re: Limit of 5 domain names per certificate - any plan to increase it?
Hi @VittG We are not considering to increase the number of domains per certificate. Regards, Andriy
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Failed to create order: Some of the identifiers requested were rejected
Hi @Robert Zou The Certification Authority Authorization (CAA) DNS Resource Record does not specify Buypass CA, so we are not authorized to issue certificates for robertzou.tk domain.…
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Unable to validate sub-domains on prod server, only on test.
Hi @lars Our implementation will not verify the challenge again until we get explicit request from client. As we see there were no further requests in production for challenge verification from…
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Unable to validate sub-domains on prod server, only on test.
Hi @lars There were challenge validation attempts on 3 domains - one base domain and two subdomains. The challenge on base domain was validated successfully.…
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Unable to validate sub-domains on prod server, only on test.
Hi @lars Could you provide us with more details, like “MDC-correlationId” response header value, which is sent as a response header from our server and also the date/time for the failed challenge…
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Deactivating an Authorization
Hi @Stefan We have released a fix today to resolve this issue in our production environment. Regards, Andriy
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
1
Questions
Reported - view
Re: DNS-01 validation and caching
Hello @Andreea Ramstadt We consider the querying of authoritative DNS servers as improvement to our current solution, however we haven’t taken that decision yet and the ETA is unknown.…
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: DNS-01 validation and caching
Hello @Andreea Ramstadt We do not require the TXT record to be sole or the first record, if multiple are present. We are not using the authoritative DNS server.…
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Deactivating an Authorization
Hi @Stefan Thanks for reporting the issue and detailed info. We have identified the bug and fixed it in test environment. We plan to deploy the fix to production.…
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
1
Questions
Reported - view
Re: All authorizations were not finalized by the CA.
Hello @Tor Christian There was single attempt to validate DNS challenge on that authorization. After querying the TXT records on validation domain name no records were found.…
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: MALFORMED_BAD_REQUEST while renew an expiring certificate
Hi @Jozsef Szilagyi Thanks for reporting detailed info and update. Regards, Andriy
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Authentication after updating CAA
Hi @Stuart Henderson We have identified a bug and deployed a fix yesterday. Please let us know in case you still experience issues getting certificate. Regards, Andriy
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
1
Questions
Reported - view
Re: List of ips to allow on firewall
Hi FYI: we added support for following of redirects during the http challenge validation. It is now available in production and test environments. Regards, Andriy
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Future features
Hi @chin We added support for following of redirects during the http challenge validation. It is now available in production and test environments. Regards, Andriy
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
1
Discussion
Reported - view
Re: Support for IDN Domains
Hi @Georg We added support for following of redirects during the http challenge validation. It is now available in production and test environments. Regards, Andriy
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Do you follow redirect when validate http-01 ?
Hi @chin We added support for following of redirects during the http challenge validation. It is now available in production and test environments. Regards, Andriy
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Support for verifying challenges over IPv6
Hi @Andre Tomt Thanks. Sorry for the late reply. We do not support verifying challenges over IPv6 at the moment. We plan to add support for this during next year. Regards, Andriy
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Support for OCSP Must-Staple
Hi @Chris Hoye Sorry for late reply. We do not have support for OCSP Must Staple at the moment, but will consider to include it. Regards, Andriy
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Keep the same DNS challenge string for renewals?
Hi @Captain Mish The value provisioned as TXT record is the digest of key-authorization (see more here: https://tools.ietf.org/html/rfc8555#section-8.4 and https://tools.ietf.…
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Support for verifying challenges over IPv6
Hi @Andre Tomt Could you provide us with more details, like “MDC-correlationId” response header value, which is sent as a response header from our server and also the date/time for the failed…
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: mail and acme-client
Hi @22Decembre After analyzing the source code of OpenBSD’s acme-client we found that it cannot be used with our API. Here is the snippet from source as of today: https://cvsweb.openbsd.…
Andriy Mahats
official rep
Andriy_Mahats
4 yrs ago
Questions
Reported - view
Re: Future features
Hi @fomm While we recognize that international domain names serve an important purpose, we are more concerned about their possible utilization in phishing attacks.…
Andriy Mahats
official rep
Andriy_Mahats
5 yrs ago
Discussion
Reported - view
Re: ACME V2 error: HTTP 406 Not Acceptable
Hi @Anindya It looks that there is a content negotiation issue on the endpoint to download the certificate. According to https://tools.ietf.org/html/rfc8555#section-7.4.…
Andriy Mahats
official rep
Andriy_Mahats
5 yrs ago
Questions
Reported - view
Re: "Certificate won't be issued for more than 2 domain(s)"
Hi @Calvin Hoy Sorry for any miscommunication. We support 5 domains in production after a release earlier today. Prior to this date we supported them in test only.…
Andriy Mahats
official rep
Andriy_Mahats
5 yrs ago
Questions
Reported - view
Re: ACME V2 - staging vs production behaviour is different.
Hi @webprofusion We plan to adjust the test and production environments to have equal features with respect to multi-domain and will update the info on community once this is in place.…
Andriy Mahats
official rep
Andriy_Mahats
5 yrs ago
Questions
Reported - view
1
2
3
Home
GO SSL ACME
Technical Information
Tips, Tricks and Guides
Discussion
Questions
View all topics
Buypass Company Site
