Project

General

Profile

Actions

Bug #9340

closed

Buypass CA does not support wildcard

Added by Idar Lund almost 6 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
ACME
Target version:
-
Start date:
02/20/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
2.4.4_2
Affected Plus Version:
Affected Architecture:

Description

The BuyPass server is listed as "acmev2":
BuyPass Production ACME v2 (Applies rate limits to certificate requests)

But their website is stating that wildcard is not supported: https://www.buypass.no/ssl/products/acme

When issuing wildcard cert with the buypass server i get:
A wildcard 'Domainname' is present but the ACME Account key is not registered to an ACME v2 server.

If BuyPass' server is actually acmev2 this error message should be changed to "A wildcard 'Domainname' is present but BuyPass is not supporting wildcard certificate.".
If BuyPass' server is in fact acmev2 the acme_accountkeys.php should be updated accordingly.

Actions #1

Updated by Jim Pingle almost 6 years ago

  • Subject changed from buypass error to Buypass CA does not support wildcard
  • Assignee set to Jim Pingle

We can remove the "ACME v2" label from Buypass but the error message you quote doesn't appear to come from this package or acme.sh, it may be sent back from the remote server. In that case you'd have to contact Buypass to have them send a more accurate error message.

We could maybe also add input validation to prevent saving the cert entry if a Buypass CA is selected and a wildcard entry is in the SAN list.

Actions #2

Updated by Idar Lund almost 6 years ago

At Let's encrypt:
acme1: https://acme-staging.api.letsencrypt.org/directory
acme2: https://acme-staging-v02.api.letsencrypt.org/directory

The api for BuyPass seems to be acmev1: https://api.buypass.com/acme/directory
So I guess the right thing to do is to rename "BuyPass Production ACME v2 (Applies rate limits to certificate requests)" to "BuyPass Production ACME v1 (Applies rate limits to certificate requests)".

Actions #3

Updated by Jim Pingle over 5 years ago

  • Status changed from New to Feedback

Fixed in ACME pkg v0.5.6

Actions #4

Updated by Jim Pingle over 5 years ago

  • % Done changed from 0 to 100
Actions #5

Updated by Jim Pingle over 5 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF