ACME: fixes

Increase polling time and poll the "order" endpoint instead of the "finalize" endpoint. These changes are required for ACME to work with Let's Encrypt as of 2024.
2025-03-09 00:00:04 +01:00 · 2024-06-24 01:44:57 -07:00 · 2024-06-24 01:44:57 -07:00 · 8674bf1585
commit 8674bf1585
parent fdde9119f7
1 changed files with 8 additions and 6 deletions
--- a/plugins/acme-client/protocol_lws_acme_client.c
+++ b/plugins/acme-client/protocol_lws_acme_client.c
@ -1125,8 +1125,10 @@ pkt_add_hdrs:
 			goto pkt_add_hdrs;

 		case ACME_STATE_POLLING_CSR:
-			if (ac->goes_around)
-				break;
+			if (ac->goes_around) {
+				strcpy(ac->active_url, ac->order_url);
+				goto pkt_add_hdrs;
+			}
 			lwsl_vhost_notice(vhd->vhost, "Generating ACME CSR... may take a little while");
 			p += lws_snprintf(p, lws_ptr_diff_size_t(end, p), "{\"csr\":\"");
 			n = lws_tls_acme_sni_csr_create(vhd->context,
@ -1396,7 +1398,7 @@ poll_again:
 			lws_acme_report_status(vhd->vhost, LWS_CUS_CHALLENGE,
 					       NULL);

-			if (ac->goes_around++ == 20) {
+			if (ac->goes_around++ == 200) {
 				lwsl_notice("%s: too many chall retries\n",
 						__func__);

@ -1470,13 +1472,13 @@ poll_again:
 				goto failed;
 			}

-			if (ac->resp != 200) {
-				if (ac->goes_around++ == 30) {
+			if (ac->resp != 200 || ac->cert_url[0] == '\0') {
+				if (ac->goes_around++ == 200) {
 					lwsl_vhost_warn(vhd->vhost, "Too many retries");

 					goto failed;
 				}
-				strcpy(buf, ac->finalize_url);
+				strcpy(buf, ac->order_url);
 				cwsi = lws_acme_client_connect(vhd->context,
 						vhd->vhost,
 						&ac->cwsi, &ac->i, buf,