acmens.py: sign_csr: fix dns text record content

It should be base64(sha256(key_authorization)) reference: https://tools.ietf.org/html/rfc8555#section-8.4
author: rsiddharth <s@ricketyspace.net> 2020-08-02 20:37:51 -0400
committer: rsiddharth <s@ricketyspace.net> 2020-08-02 20:37:51 -0400
commit: 58c690696b965602500e72658854d804a0613cbf (patch)
tree: 85bfe5cbadbf26ed3ba5dfb8b05486b993bbab03
parent: b57b3a8c50f2875ad6156fa26cca15ab12ba52e1 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/acmens.py b/acmens.py
index 05fa749..098903a 100644
--- a/acmens.py
+++ b/acmens.py
@@ -206,6 +206,7 @@ def sign_csr(account_key, csr, email=None, challenge_type='http'):
     challenge = [c for c in chl_result["challenges"] if c["type"] == type_id][0]
     token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge["token"])
     keyauthorization = "{0}.{1}".format(challenge["token"], thumbprint)
+    dns_payload = _b64(hashlib.sha256(keyauthorization.encode()).digest())
 
     # build request for the server to test this challenge.
     test_url = challenge["url"]
@@ -225,7 +226,7 @@ DNS TXT record contents: \"{token}\"
 Notes:
 - Do not include the quotes in the TXT record.
 
-""".format(domain=domain.replace('*.', ''), token=challenge["token"]))
+""".format(domain=domain.replace('*.', ''), token=dns_payload))
     else:
         # Challenge response for http server.
         response_uri = ".well-known/acme-challenge/{0}".format(
author	rsiddharth <s@ricketyspace.net>	2020-08-02 20:37:51 -0400
committer	rsiddharth <s@ricketyspace.net>	2020-08-02 20:37:51 -0400
commit	58c690696b965602500e72658854d804a0613cbf (patch)
tree	85bfe5cbadbf26ed3ba5dfb8b05486b993bbab03
parent	b57b3a8c50f2875ad6156fa26cca15ab12ba52e1 (diff)