Project

General

Profile

Actions
Copy link

Bug #15733

closed

Changing the account key name does not update respective certificates

Added by Guy van der Werf 2 months ago. Updated 19 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
Marcos M
Category:
ACME
Target version:
pfSense - 2.8.0
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
24.11
Affected Version:
2.7.2
Affected Plus Version:
Affected Architecture:

Description

Package:
acme 0.8_1

Problem:
Renaming an account key name (as seen in the tab "Account keys"), does not correctly update existing certificate metadata using that account key.

Reproduce:
  1. In the "Account key" tab, edit an account key that is used by an existing certificate.
  2. Change the account key name (field: "Name") from "Test" to "LetsEncryptTest"
  3. Return to the "Certificates" tab. Notice the "Account" column of certificates that did refer to Account Key "X", do not refer to "Y", but still refer to "X". CORRUPTION 1
  4. Repeat the above for a second account key: e.g. Name changes from "Production" to "LetsEncryptProd".
  5. In the "Certificates" tab, edit a certificate that contains a corrupted Account Key e.g. "Production" (where it should refer to "LetsEncryptProd")
  6. Notice the "Acme account" drop-down now shows an existing but incorrect Account key, "LetsEncryptTest". This is neither the correct Account key, nor is it the same as displayed in the "Certificates" tab. CORRUPTION 2

Expected:
Existing certificates should refer to the same account key by its new name.

Workaround:
Edit each certificate using the affected account key, and correct the account key in the "Acme account" drop-down.

Actions
Copy link
 #1

Updated by Jordan G 24 days ago

pfSense + 24.03 editing the acme account key name used by an existing certificate, still shows the previous key name in the acme cert list. Upon editing the certificate, the account drop down (has the same previously edited account selected) shows the now updated key name. Saving the certificate entry then displays the updated account key name in the certificate list.

will attempt to validate using CE and similar procedure

Actions
Copy link
 #2

Updated by Marcos M 22 days ago

  • Subject changed from ACME - Certificate account metadata gets corrupted to Changing the account key name does not update respective certificates
  • Status changed from New to In Progress
  • Assignee set to Marcos M
  • Target version set to 2.8.0
  • Plus Target Version set to 24.11
  • Affected Architecture deleted (amd64)
Actions
Copy link
 #3

Updated by Marcos M 22 days ago

  • Status changed from In Progress to Feedback
Actions
Copy link
 #4

Updated by Marcos M 22 days ago

  • % Done changed from 0 to 100
Actions
Copy link
 #5

Updated by Georgiy Tyutyunnik 19 days ago

  • Status changed from Feedback to Resolved

reproduced on:
2.7.2-RELEASE (amd64)
built on Mon Mar 4 19:53:00 UTC 2024
FreeBSD 14.0-CURRENT

tested on, fixed:
24.11-BETA (amd64)
built on Thu Oct 31 7:00:00 CET 2024
FreeBSD 15.0-CURRENT

Actions
Copy link

Also available in: Atom PDF