author | rsiddharth <s@ricketyspace.net> | 2020-08-02 20:37:51 -0400 |
committer | rsiddharth <s@ricketyspace.net> | 2020-08-02 20:37:51 -0400 |
commit | 58c690696b965602500e72658854d804a0613cbf (patch) | |
tree | 85bfe5cbadbf26ed3ba5dfb8b05486b993bbab03 | |
parent | b57b3a8c50f2875ad6156fa26cca15ab12ba52e1 (diff) |
acmens.py: sign_csr: fix dns text record content
It should be base64(sha256(key_authorization))
reference: https://tools.ietf.org/html/rfc8555#section-8.4
-rw-r--r-- | acmens.py | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -206,6 +206,7 @@ def sign_csr(account_key, csr, email=None, challenge_type='http'):
 challenge = [c for c in chl_result["challenges"] if c["type"] == type_id][0]
 token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge["token"])
 keyauthorization = "{0}.{1}".format(challenge["token"], thumbprint)
+ dns_payload = _b64(hashlib.sha256(keyauthorization.encode()).digest())
 # build request for the server to test this challenge.
 test_url = challenge["url"]
@@ -225,7 +226,7 @@ DNS TXT record contents: \"{token}\"
 Notes:
 - Do not include the quotes in the TXT record.
-""".format(domain=domain.replace('*.', ''), token=challenge["token"]))
+""".format(domain=domain.replace('*.', ''), token=dns_payload))
 else:
 # Challenge response for http server.
 response_uri = ".well-known/acme-challenge/{0}".format( |
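Review bot: The new `dns_payload` line in the first hunk uses `hashlib.sha256`, but the diffstat shows no other insertion, so the commit relies on `hashlib` already being imported at the top of acmens.py; that is likely if `thumbprint` is derived the same way earlier in sign_csr, but it is not visible here and should be confirmed, since a NameError would only surface on the dns path. The derivation itself matches RFC 8555 §8.4, and a one-line comment above it would save the next reader a lookup: `# RFC 8555 §8.4: DNS-01 TXT value is base64url(SHA-256(key_authorization)), not the raw token`. Note that the line sits before the challenge-type branch, so the digest is also computed on the http path where it is unused; moving it into the dns branch (just before the message in the second hunk) would make the intent clearer. In the second hunk the template placeholder is still called `{token}` while it now carries the digest, so renaming it to `{txt}` on both the template line and the `.format(...)` call would avoid confusion. sign_csr begins and ends outside these hunks.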