-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to create ACME account with EAB #614
Comments
From looking at what the code does, it sounds to me like the Keyfactor ACME server is implementing RFC 8555 incorrectly. https://www.rfc-editor.org/rfc/rfc8555#section-7.3.1 clearly specifies that a
Apparently your server returned something that isn't JSON, and thus not what it should be. (It also seems that the ACME account already exists, otherwise the server should not return 200.) |
@dwandro since you authored dwandro@26b63ff which references this issue: does that commit fix this problem? |
I have exactly the same problem, but with Digicert. Every other ACME client works fine, e.g. acme.sh, Lego, certbot, my own client written in Go, but I can't get it to work with Ansible. Every time I get the following message:
|
@Flybro do you know whether there is a testing/staging version of the Digicert CA that can be used for free? If yes, I can try debugging this. If it requires a paid account, I won't be able to do that. Since you seem to have experience with developing ACME clients and have access to Digicert's ACME endpoint, you could also try to debug this. |
@felixfontein, thank you for your efforts. If you like, I can send you the KID and KEY and a minimal example that I have used here. Give me an address where I can send them and I will do it immediately. Sorry, but when it comes to Python, my debugging skills are rather poor. |
If you are comfortable doing this (this has some security implications on your end!) you can send it to the email address in https://github.com/ansible-collections/community.crypto/blob/main/plugins/modules/crypto_info.py#L4. |
I have sent you an email explaining what, how and why. Thank you very much for your help. I will try to get in touch with my colleagues around me who are well versed in Python and together we will try to investigate the problem further. If we find something, I will let you know. |
Thanks, that additional information and debug output helped! #681 fixes this issue. |
SUMMARY
Unable to create ACME account using 'acme_account' module. Our company uses Keyfactor ACME solution, which requires External Account binding.
I am able to create account using certbot acme client.
ISSUE TYPE
COMPONENT NAME
Module: community.crypto.acme_account
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
Note: We are using Keyfactor ACME server.
Create following playbook:
Run command:
EXPECTED RESULTS
ACME Account is created.
ACTUAL RESULTS
Get following error:
The text was updated successfully, but these errors were encountered: