ACME: fixes
Increase polling time and poll the "order" endpoint instead of the "finalize" endpoint. These changes are required for ACME to work with Let's Encrypt as of 2024.
jdarpinian authored and lws-team committed Jun 24, 2024
1 parent fdde911 commit 8674bf1
Showing 1 changed file with 8 additions and 6 deletions.
14 changes: 8 additions & 6 deletions plugins/acme-client/protocol_lws_acme_client.c
@@ -1125,8 +1125,10 @@ callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason,
goto pkt_add_hdrs;

case ACME_STATE_POLLING_CSR:
if (ac->goes_around)
break;
if (ac->goes_around) {
strcpy(ac->active_url, ac->order_url);
goto pkt_add_hdrs;
}
lwsl_vhost_notice(vhd->vhost, "Generating ACME CSR... may take a little while");
p += lws_snprintf(p, lws_ptr_diff_size_t(end, p), "{\"csr\":\"");
n = lws_tls_acme_sni_csr_create(vhd->context,
@@ -1396,7 +1398,7 @@ callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason,
lws_acme_report_status(vhd->vhost, LWS_CUS_CHALLENGE,
NULL);

if (ac->goes_around++ == 20) {
if (ac->goes_around++ == 200) {
lwsl_notice("%s: too many chall retries\n",
__func__);

Expand Down Expand Up @@ -1470,13 +1472,13 @@ callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason,
goto failed;
}

if (ac->resp != 200) {
if (ac->goes_around++ == 30) {
if (ac->resp != 200 || ac->cert_url[0] == '\0') {
if (ac->goes_around++ == 200) {
lwsl_vhost_warn(vhd->vhost, "Too many retries");

goto failed;
}
strcpy(buf, ac->finalize_url);
strcpy(buf, ac->order_url);
cwsi = lws_acme_client_connect(vhd->context,
vhd->vhost,
&ac->cwsi, &ac->i, buf,
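Review bot: The new `strcpy(ac->active_url, ac->order_url);` in the ACME_STATE_POLLING_CSR case, and the changed `strcpy(buf, ac->order_url);` in the retry path of the last hunk, copy the order URL with no length bound. The declarations of `active_url`, `order_url` and `buf` are outside the visible hunks, so it cannot be confirmed from here that each destination is at least as large as the source; the order URL presumably comes from a response by the ACME server, which is a reason to bound the copy explicitly. I would write `lws_strncpy(ac->active_url, ac->order_url, sizeof(ac->active_url));` and the equivalent for `buf`, using its real size if `buf` is not an array at that point. Separately, the first hunk now treats a non-zero `ac->goes_around` as "CSR already submitted, poll the order", while the second hunk increments the same counter during challenge retries. Any reset to zero before entering ACME_STATE_POLLING_CSR is not visible here, so it should be confirmed and the branch documented with a comment such as `/* goes_around != 0: CSR already sent, re-poll the order URL */`. callback_acme_client starts and ends outside these hunks.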
