0

Get http bad request from ACME API

Hi,

We have a ACME solution set up using KeyVault AcmeBot (https://github.com/shibayan/keyvault-acmebot) and are now only recieving HTTP Bad Request responses from your ACME API. This worked last week, and we have not made any changes in our end since we requested new certificates last week.

Has there been any changes on your end lately that might causing this errors?

Regards
Fredrik Melby, Crayon

8replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Buypass (Does this tagging work?) Maybe you have some answers regarding your Acme API and http400 responses (bad request)?

    Like
    • Fredrik Melby Hi. Do you get an 400 error on every function? Or is it f.ex fetching the certificate that is the issue?

      Like
    • mkon 
       

       Hi, we get http 400 when we try to renew or issue new certificates (same api endpoint in the end i guess?):

      This worked 2/23/24, when we created new certificates with the same setup (AcmeBot build):

      Like
    • Fredrik Melby We did one change, being more strict with the user-agent the client is sending.

      https://datatracker.ietf.org/doc/html/rfc8555#section-6.1

       

      If this is not the case, could you provide more logs on the steps in "new-order" .

      Like
    • mkon thanks, this is most likely the cause of the error responses we get. I will investigate this further and open a new issue against the Acmebot project we use.

      But a little side request:

      - Can you implement a more descriptive error message for clients missing user-agent headers? I raised a similar issue against this project when it was missing the "Accept" header, and your API then responded with a http 400 and error message saying "Required header 'Accept' is not present".
      (https://github.com/shibayan/keyvault-acmebot/issues/671). The same should be done with the user-agent header i think.

      - Is there a change feed or something that we can follow to identify when the BuyPass ACME API has updates?

      Like 1
    • Fredrik Melby Yes, that's a good point. I will investigate the error message further. We should have had a more descriptive message.  We need a changelog up and running on the community, will add that to the tasklist.

      Like 1
    • mkon AcmeBot has now been updated to send user-agent headers with it's acme requests and is now working against your API again 🎉

      Looking forward to see a changelog 👍

      Like
    • Fredrik Melby Very nice. Added a changelog for upcoming updates here: https://community.buypass.com/t/60y86wy/changelog

      Like
Like Follow
  • 9 mths agoLast active
  • 8Replies
  • 133Views
  • 2 Following

Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.

Sign-up using free email domains have been blocked due to increased spam. https://community.forumbee.com/t/63zsyt/blocked-email-domains