authorrsiddharth <s@ricketyspace.net>2020-08-02 20:37:51 -0400
committerrsiddharth <s@ricketyspace.net>2020-08-02 20:37:51 -0400
commit58c690696b965602500e72658854d804a0613cbf (patch)
tree85bfe5cbadbf26ed3ba5dfb8b05486b993bbab03
parentb57b3a8c50f2875ad6156fa26cca15ab12ba52e1 (diff)
acmens.py: sign_csr: fix dns text record content
It should be base64(sha256(key_authorization)). Reference: https://tools.ietf.org/html/rfc8555#section-8.4
-rw-r--r--acmens.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/acmens.py b/acmens.py
index 05fa749..098903a 100644
--- a/acmens.py
+++ b/acmens.py
@@ -206,6 +206,7 @@ def sign_csr(account_key, csr, email=None, challenge_type='http'):
challenge = [c for c in chl_result["challenges"] if c["type"] == type_id][0]
token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge["token"])
keyauthorization = "{0}.{1}".format(challenge["token"], thumbprint)
+ dns_payload = _b64(hashlib.sha256(keyauthorization.encode()).digest())
# build request for the server to test this challenge.
test_url = challenge["url"]
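Review bot: The new `dns_payload` line is only correct if `_b64` produces unpadded base64url, which RFC 8555 §8.4 requires for the TXT value (plain `base64.b64encode` output, with `+`, `/` and `=` padding, would be rejected by the CA); `_b64` is defined outside this hunk, so that is worth confirming, as is a module-level `import hashlib`. Hashing `keyauthorization.encode()` rather than the path-sanitized `token` from the line above is the right choice, since the key authorization must be the unmodified token joined to the thumbprint. A short why-comment would keep the next reader from "fixing" it back: `# RFC 8555 §8.4: TXT value is base64url(SHA-256(key_authorization)), not the token`. The body of sign_csr continues outside this hunk.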
@@ -225,7 +226,7 @@ DNS TXT record contents: \"{token}\"
Notes:
- Do not include the quotes in the TXT record.
-""".format(domain=domain.replace('*.', ''), token=challenge["token"]))
+""".format(domain=domain.replace('*.', ''), token=dns_payload))
else:
# Challenge response for http server.
response_uri = ".well-known/acme-challenge/{0}".format(
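Review bot: The format placeholder in the `.format(...)` call is still named `token` even though it now carries the hashed, encoded value, so the template reads as if the raw challenge token were being published; renaming it in both the template and the call, e.g. `DNS TXT record contents: \"{txt_value}\"` and `txt_value=dns_payload`, would make the intent explicit. The multi-line string this call closes starts before the hunk, so the template line itself is not visible here beyond the hunk header.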