Update: I got it working. Seems to have been a server implementation bug on my end.
Sorry for the noise!

-F

> On Jun 17, 2018, at 8:01 PM, Felipe Gasper <fel...@felipegasper.com> wrote:
>
> I’ve been playing with this. As far as I can tell I have it set up correctly,
> but it’s not working.
>
> In response to this challenge:
>
> https://acme-staging-v02.api.letsencrypt.org/acme/challenge/leSSBO7cbljpzjZqGhzqSRm8lphqe1RX_jI3Mx8eEeU/136484133
>
> … I set up this certificate:
>
> … which has this key:
>
> It’s telling me “urn:ietf:params:acme:error:connection” (Connection reset by
> peer) as the challenge’s failure.
>
> My server-side debugging says that the handshake succeeds … is there
> something amiss in the certificate?
>
> -Felipe
>
>> On Jun 15, 2018, at 2:39 PM, Roland Bracewell Shoemaker
>> <rol...@letsencrypt.org> wrote:
>>
>> Let’s Encrypt has deployed an implementation[0] of the
>> draft-ietf-acme-tls-alpn-01 validation method on our staging environment[1].
>> If anyone has a chance to test it out and runs into
>> implementation/specification issues we’d love to hear about them!
>>
>> [0] https://github.com/letsencrypt/boulder/blob/2dadd5e09a8228342aa86e8fa4c8d887a82aa4ac/va/va.go#L701-L768
>> [1] https://acme-staging.api.letsencrypt.org/
>> _______________________________________________
>> Acme mailing list
>> Acme@ietf.org
>> https://www.ietf.org/mailman/listinfo/acme