Merge pull request #2769 from castrapel/lowercase-acme
Ensure hostname is lowercase when comparing DNS challenges. ACME will…
This commit is contained in:
commit
056dfc34e4
@ -19,7 +19,7 @@ import OpenSSL.crypto
|
||||
import josepy as jose
|
||||
from acme import challenges, messages
|
||||
from acme.client import BackwardsCompatibleClientV2, ClientNetwork
|
||||
from acme.errors import PollError, WildcardUnsupportedError
|
||||
from acme.errors import PollError, TimeoutError, WildcardUnsupportedError
|
||||
from acme.messages import Error as AcmeError
|
||||
from botocore.exceptions import ClientError
|
||||
from flask import current_app
|
||||
@ -56,7 +56,7 @@ class AcmeHandler(object):
|
||||
def find_dns_challenge(self, host, authorizations):
|
||||
dns_challenges = []
|
||||
for authz in authorizations:
|
||||
if not authz.body.identifier.value == host:
|
||||
if not authz.body.identifier.value.lower() == host.lower():
|
||||
continue
|
||||
for combo in authz.body.challenges:
|
||||
if isinstance(combo.chall, challenges.DNS01):
|
||||
@ -79,6 +79,10 @@ class AcmeHandler(object):
|
||||
host_to_validate = self.maybe_remove_wildcard(host)
|
||||
host_to_validate = self.maybe_add_extension(host_to_validate, dns_provider_options)
|
||||
dns_challenges = self.find_dns_challenge(host_to_validate, order.authorizations)
|
||||
if not dns_challenges:
|
||||
sentry.captureException()
|
||||
metrics.send('start_dns_challenge_error_no_dns_challenges', 'counter', 1)
|
||||
raise Exception("Unable to determine DNS challenges from authorizations")
|
||||
|
||||
for dns_challenge in dns_challenges:
|
||||
change_id = dns_provider.create_txt_record(
|
||||
@ -127,7 +131,7 @@ class AcmeHandler(object):
|
||||
|
||||
try:
|
||||
orderr = acme_client.poll_and_finalize(order, deadline)
|
||||
except AcmeError:
|
||||
except (AcmeError, TimeoutError):
|
||||
sentry.captureException(extra={"order_url": str(order.uri)})
|
||||
metrics.send('request_certificate_error', 'counter', 1)
|
||||
current_app.logger.error(f"Unable to resolve Acme order: {order.uri}", exc_info=True)
|
||||
|
Loading…
Reference in New Issue
Block a user