ZeroSSL Verify API cannot verify and shows me all certificates info #23

Open
SaeedFazlollahzadeh opened this issue Nov 30, 2022 · 0 comments


Hi, let me give an example of my failed task to test the ZeroSSL API:

This is my generate.sh file which is the first step and works fine:

    # source /home/zerossl/ZEROSSL_KEY.sh # let me add variables here for github
    ZEROSSL_KEY=MyZeroSSLAPIkey
    DOMAIN=1.1.1.1 # My IPv4
    openssl req -new -newkey rsa:2048 -nodes -out "$DOMAIN".csr \
                -keyout "$DOMAIN".key \
                -subj "/C=US/CN=$DOMAIN" \
                &>/dev/null
    curl -sX POST https://api.zerossl.com/certificates?access_key="$ZEROSSL_KEY" \
            --data-urlencode certificate_csr@"$DOMAIN".csr \
            -d certificate_domains="$DOMAIN" \
            | jq > generate.txt

This is the first step and I see one in https://app.zerossl.com/certificates/draft.

But the issue is with other APIs. I manually create a file in /var/www/html/.well-known/pki-validation/SOMEFILE.txt and add the required text there. So it's accessible via 1.1.1.1/.well-known/pki-validation/SOMEFILE.txt.

When I want to call the Verify API:

    source /home/zerossl/ZEROSSL_KEY.sh
    curl -s -X GET -d validation_method='HTTP_CSR_HASH' \
    "https://api.zerossl.com/certificates?access_key="$ZEROSSL_KEY"&="$ID"/challenges" \
    | jq > verify.txt

This is the output:

    {
      "id": "SOMEID",
      "fingerprint_sha1": null,
      "brand_validation": null,
      "validation": {
        "email_validation": {
          "1.1.1.1": []
        },
        "other_methods": {
          "1.1.1.1": {
            "file_validation_url_http": "http://1.1.1.1/.well-known/pki-validation/84CE1466F4209BF8868B311366FACA20.txt",
            "file_validation_url_https": "https://1.1.1.1/.well-known/pki-validation/84CE1466F4209BF8868B311366FACA20.txt",
            "file_validation_content": [
              "86C1657D6F8C41B64852B2B1F6BC878C92EA6B51E20634AE25F72A917791FB83",
              "comodoca.com",
              "6f73bcce63a9615"
            ],
            "cname_validation_p1": "_84CE1466F4209BF8868B311366FACA20.1.1.1.1",
            "cname_validation_p2": "86C1657D6F8C41B64852B2B1F6BC878C.92EA6B51E20634AE25F72A917791FB83.6f73bcce63a9615.comodoca.com"
          }
        }
      }
    }
    ]

While it should verify the domain, it does not.
I'm sure that http://1.1.1.1/.well-known/pki-validation/84CE1466F4209BF8868B311366FACA20.txt is accessible and has the contents of file_validation_content.
Am I doing anything wrong here?
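
The request shape of the Verify step, as an added example that is not part of the original post or the project's code: the certificate id is a path segment of a POST request, whereas a GET to `/certificates` is the list call. It assumes ZeroSSL's documented endpoint `POST /certificates/{id}/challenges` with `access_key` in the query string, that `file_validation_content` is written one array element per line, and that certificate ids are alphanumeric; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; endpoint shape and id format are assumptions (see lead-in).
API="https://api.zerossl.com"

# Build the verify endpoint. The certificate id is a path segment, so reject
# anything that could change the path or smuggle in query parameters.
verify_url() {
    case "$1" in
        ""|*[!A-Za-z0-9]*) echo "invalid certificate id" >&2; return 1 ;;
    esac
    printf '%s/certificates/%s/challenges\n' "$API" "$1"
}

# Pre-flight check: compare the local validation file with the expected lines
# (the file_validation_content array, one element per line). CR is ignored so
# a file saved with Windows line endings still compares equal.
validation_file_ok() {
    file=$1; shift
    [ -r "$file" ] || return 1
    expected=$(printf '%s\n' "$@")
    actual=$(tr -d '\r' < "$file")
    [ "$actual" = "$expected" ]
}

# Send the verification request. The URL carrying the API key is passed to
# curl through a config read from stdin (-K -), so the key does not appear in
# the process list; -d makes the request a POST with a form body.
verify_domains() {
    url=$(verify_url "$1") || return 1
    printf 'url = "%s?access_key=%s"\n' "$url" "$ZEROSSL_KEY" |
        curl -sS -K - -d validation_method=HTTP_CSR_HASH
}

# Usage, with ZEROSSL_KEY exported and ID taken from the create response:
#   validation_file_ok /var/www/html/.well-known/pki-validation/SOMEFILE.txt \
#       "$LINE1" "$LINE2" "$LINE3" && verify_domains "$ID"
```
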
