Hi, we are testing Certwarden with our DigiCert account where we have setup ACME but we are getting an error when trying to add the ACME service. Anyone came across this before?
DigiCert ACME
To add more detail, this is the error I'm getting
An API error has occurred.
Status Code: 400
Message: error: request validation (param or payload) invalid (acme: directory (https://one.digicert.com/mpki/api/v1/acme/v2/directory) missing one or more required urls)
If you manually navigate to the directory URL, it looks like the keyChange
field is missing from the directory. I think this is probably non-compliant but it isn't strictly "necessary" per se for ACME to work.
I'm not necessarily opposed to modifying the code to make this work, but it does explain why you're having a problem.
gregtwallace I have looked at the RFC 8555 and as I understand it only directory and newNonce are the only two resources that the server MUST provide. That would make everything else optional. Is there a way to manually add the provider and skip this check? (Digicert is not likely to change their backend for us)
I fixed this in the master branch so the next release should work. You can build the docker image yourself if you want.
https://github.com/gregtwallace/certwarden-backend/commit/f896f4fc63faa3c1dde110b0a7569f91e55d6aa4
gregtwallace Wonderful. Any idea when will the next release come out?
gregtwallace I did my own build and now the response from the backend is following:
An API error has occurred.
Status Code: first zod err: invalid_type
Message: [acme_server,raw_directory_response]: Expected object, received null
strangely it does save but it doesn't give me the option to enter the credentials and complete that setup.
That's just a GUI error (which I just fixed, thanks for pointing it out).
Move on to the next step for adding an Account (which is where you would do account binding).
gregtwallace I can confirm that the DigiCert ACME process works. Ignoring the UI error for now. Everything else went well. Great job, invaluable tool!
Happy to hear it