In memory cookie jar for http01 challenge #6303
Comments
@arontsang Would you please try the cookies branch of CertMagic? See if that helps you out. caddyserver/certmagic#288
Oh, you said you have an ACME server. Never mind. One minute.
Ok, so that HTTP client actually comes from If there is a way to pass a custom HTTP client in (through context?) I haven't figured that out. Sorry to redirect you again, but could you open an issue at the Smallstep repo? They will be able to better address this. (Closing, but feel free to continue discussion if needed!)
@mholt I think your original PR in CertMagic does in fact do what @arontsang is looking for, namely to send cookies (if received from the ELB) in follow-up requests to the ACME server. The HTTP client you're referring to is the one that's used to validate an HTTP challenge (actually, it's a wrapper for HTTP, DNS and TLS-ALPN challenge solving). That client does not operate on nonces, and should generally only fire a single request from behind the load balancer.
I'm going to try to compile and run this in my corporate environment and see if it fixes the issue. I'm not a golang dev, so I'm not sure how well it's going to go. 😜
Let me know; if that PR does do what you need then I'll recreate it and merge it.
Still getting this issue:
@arontsang So it sounds like a Cookie Jar in the ACME client is not what is needed for your use case.
I have an ACME server behind an AWS ELB that Caddy can't communicate with correctly.
The ELB is round-robin load balancing, resulting in the NewNonce coming from the wrong server.
Please can we add an in-memory cookie jar to the HTTP client instance used by the http01 challenge.
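
The mechanism this request relies on, as an added example that is not code from Caddy, CertMagic or Smallstep: a Go `http.Client` replays a load balancer's stickiness cookie only when it has a cookie jar, so without one a nonce can be spent on a backend that never issued it. Assumptions: the balancer has cookie-based stickiness enabled and is simulated here with `httptest`; `newBalancer`, `spendNonce`, the cookie name `lb` and the `/new-order` path are hypothetical; the nonce travels in a request header in place of the JWS protected header that real ACME uses.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
	"strings"
	"sync/atomic"
)

// newBalancer is a constructed round-robin balancer over two ACME-like backends; each
// accepts only nonces it issued (tagged "<backend>-"). The cookie "lb" is hypothetical.
func newBalancer() *httptest.Server {
	var hits atomic.Int64
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		b := fmt.Sprint(hits.Add(1) % 2) // default routing: round robin
		if c, err := r.Cookie("lb"); err == nil && (c.Value == "0" || c.Value == "1") {
			b = c.Value // sticky routing: honour the pinned backend
		}
		http.SetCookie(w, &http.Cookie{Name: "lb", Value: b, Path: "/"})
		if r.URL.Path == "/new-nonce" {
			w.Header().Set("Replay-Nonce", fmt.Sprintf("%s-%d", b, hits.Load()))
		} else if !strings.HasPrefix(r.Header.Get("Replay-Nonce"), b+"-") {
			http.Error(w, "badNonce", http.StatusBadRequest) // issued by the other backend
		}
	}))
}

// spendNonce fetches a nonce, spends it on a second request and returns that status.
func spendNonce(c *http.Client, base string) (int, error) {
	resp, err := c.Head(base + "/new-nonce")
	if err != nil {
		return 0, err
	}
	req, _ := http.NewRequest(http.MethodPost, base+"/new-order", nil)
	req.Header.Set("Replay-Nonce", resp.Header.Get("Replay-Nonce")) // stand-in for the JWS nonce
	if resp, err = c.Do(req); err != nil {
		return 0, err
	}
	return resp.StatusCode, resp.Body.Close()
}

func main() {
	lb := newBalancer()
	defer lb.Close()
	jar, _ := cookiejar.New(nil) // in-memory jar: the cookie lives only in this process
	fmt.Println(spendNonce(&http.Client{}, lb.URL))         // 400 <nil>: nonce hit the other backend
	fmt.Println(spendNonce(&http.Client{Jar: jar}, lb.URL)) // 200 <nil>: cookie pinned the backend
}
```

The jar only helps when the balancer actually issues a stickiness cookie; with plain round robin and no cookie, both clients behave the same.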