DigiCert ACME

axelo

Hi, we are testing Certwarden with our DigiCert account where we have setup ACME but we are getting an error when trying to add the ACME service. Anyone came across this before?

axelo

To add more detail, this is the error I'm getting

An API error has occurred.
Status Code: 400
Message: error: request validation (param or payload) invalid (acme: directory (https://one.digicert.com/mpki/api/v1/acme/v2/directory) missing one or more required urls)

gregtwallace

axelo

If you manually navigate to the directory URL, it looks like the keyChange field is missing from the directory. I think this is probably non-compliant but it isn't strictly "necessary" per se for ACME to work.

I'm not necessarily opposed to modifying the code to make this work, but it does explain why you're having a problem.

axelo

gregtwallace I have looked at the RFC 8555 and as I understand it only directory and newNonce are the only two resources that the server MUST provide. That would make everything else optional. Is there a way to manually add the provider and skip this check? (Digicert is not likely to change their backend for us)

gregtwallace

I fixed this in the master branch so the next release should work. You can build the docker image yourself if you want.

https://github.com/gregtwallace/certwarden-backend/commit/f896f4fc63faa3c1dde110b0a7569f91e55d6aa4

axelo

gregtwallace Wonderful. Any idea when will the next release come out?

axelo

gregtwallace I did my own build and now the response from the backend is following:

An API error has occurred.
Status Code: first zod err: invalid_type
Message: [acme_server,raw_directory_response]: Expected object, received null

strangely it does save but it doesn't give me the option to enter the credentials and complete that setup.

gregtwallace

That's just a GUI error (which I just fixed, thanks for pointing it out).

Move on to the next step for adding an Account (which is where you would do account binding).

axelo

gregtwallace I can confirm that the DigiCert ACME process works. Ignoring the UI error for now. Everything else went well. Great job, invaluable tool!

gregtwallace

Happy to hear it 🙂