How to set InsecureSkipVerify option for HTTPClient in http.go

[dxjones]

I am trying to use the lego/acme client package with the LetsEncrypt/Pebble server, but it is failing because the self-signed Pebble certificate is not signed by a recognized CA.

Being able to test an ACME client against the Pebble server is useful, especially during development.

What is the best way to set the "InsecureSkipVerify" option when creating an HTTPClient?

[ldez]

Hello, you have to define LEGO_CA_CERTIFICATES environment variable.

Example:

export LEGO_CA_CERTIFICATES=./certs/pebble.minica.pem

And optionally LEGO_CA_SERVER_NAME.

Remember that Pebble is designed only for testing (mainly for ACME client like Lego)

Lastly, Pebble will enforce it's test-only usage by aggressively building in guardrails that make using it in a production setting impossible or very inconvenient.

https://github.com/letsencrypt/pebble#goals

I don't recommend using the pebble for anything other than the test, you can use the Boulder instead if you want to use something internally in your company or the staging.

[dxjones]

Thanks for the info on LEGO_CA_CERTIFICATES.

I am trying to develop an ACME client based on Lego, with just a few custom features.

And, yes, I understand Pebble is purely for testing. I plan to switch to Boulder once I think my client is working properly.