0
Buypass is not compatible with ACME client "dehydrated"
Hi,
I'm using the ACME client "dehydrated" which is also included in some major Linux distributions (e.g. Debian) and wanted to try Buypass instead of Let's Encrypt. However trying to get a certificate results in an error message:
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ ERROR: An error occurred while sending post-request to https://api.buypass.com/acme-v02/authz/G0Fkt_z-0RochbZHzBzKX9oCvH1a_hNbELSOpbtAfso,"https://api.buypass.com/acme-v02/authz/Mjfp5ZUTZvmb3EB0w83kx-YE8BCgZ7_8rStUN2vDCaA","https://api.buypass.com/acme-v02/authz/bLXsW8nhZSevpj42cqS8MXNSF9W1GHYnvOjLveAZap4", (Status 404)
Details:
HTTP/1.1 100 Continue
HTTP/1.1 404 Not Found
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Methods: GET,PUT,POST,OPTIONS,HEAD,DELETE
Access-Control-Allow-Origin: https://www.buypass.no
Cache-Control: no-store
Content-Language: en
Content-Length: 65
Content-Type: application/json
Date: Tue, 30 Jun 2020 12:34:39 GMT
Mdc-Correlationid: f9e11239-5df0-4779-a444-58bc95948c03
Vary: Accept-Encoding
X-Buypass-Internal-Error-Detail-Code: NOT_FOUND
{"code":404,"message":"NOT_FOUND","details":"HTTP 404 Not Found"}
I'm not sure if the incompatibily is in the client or in the server, but unfortunately they don't work with each other. Someone else has already created a Github issue about Buypass, but so far without a solution. Any idea what could be the issue?
2 replies
-
Seems to be responding; https://api.buypass.com/acme-v02/authz/G0Fkt_z-0RochbZHzBzKX9oCvH1a_hNbELSOpbtAfso
Looks like they are all sent in at the same time here:
+ ERROR: An error occurred while sending post-request to https://api.buypass.com/acme-v02/authz/G0Fkt_z-0RochbZHzBzKX9oCvH1a_hNbELSOpbtAfso,"https://api.buypass.com/acme-v02/authz/Mjfp5ZUTZvmb3EB0w83kx-YE8BCgZ7_8rStUN2vDCaA","https://api.buypass.com/acme-v02/authz/bLXsW8nhZSevpj42cqS8MXNSF9W1GHYnvOjLveAZap4", (Status 404)
-
So with a little bit of Bash tracing I figured out what the problem is:
- The official Let's Encrypt API returns pretty-printed JSON.
- The Buypass API returns minified JSON.
- dehydrated, being a simple Bash script, uses sed and regular expressions to parse JSON responses (a big no-no in my view) and expects newlines or at least spaces between the items in the "authorizations" list. Since there are no spaces the script doesn't split the authorizations correctly and later sends the above request containing multiple comma-separated URLs.