certbot

mirror of https://github.com/certbot/certbot.git synced 2026-02-03 20:40:36 -05:00

History

Brad Warren fde359f4da fixup http01_example.py (#10285 ) it looks like https://github.com/certbot/certbot/pull/10098 introduced a couple bugs into this file: 1. [RSAPrivateKeys](https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey) don't have a `public_bytes` method 2. `cryptography.x509` wasn't imported and [load_pem_x509_certificate](https://cryptography.io/en/latest/x509/reference/#cryptography.x509.load_pem_x509_certificate) takes bytes, not a string i think avoiding this is unfortunately difficult as this file has no tests, but it was useful for me just now when testing https://github.com/certbot/certbot/pull/10283 so i wanted to fix it up i also changed the script to initially create the account without an email address as the fake@example.com email causes registration with LE's staging server to fail early in execution with the changes in this PR changes, if you: 1. change the value of [DOMAIN](`0075104805/acme/examples/http01_example.py (L57)`) to a domain pointing at your machine 2. as root, activate your certbot dev environment, and run `python acme/examples/http01_example.py ` it will fail late in the script with: ``` Traceback (most recent call last): File "/home/brad/certbot/acme/examples/http01_example.py", line 237, in <module> example_http() ~~~~~~~~~~~~^^ File "/home/brad/certbot/acme/examples/http01_example.py", line 223, in example_http regr = client_acme.update_registration( regr.update( ...<3 lines>... ) ) File "/home/brad/certbot/acme/src/acme/client.py", line 101, in update_registration updated_regr = self._send_recv_regr(regr, body=body) File "/home/brad/certbot/acme/src/acme/client.py", line 373, in _send_recv_regr response = self._post(regr.uri, body) File "/home/brad/certbot/acme/src/acme/client.py", line 392, in _post return self.net.post(args, kwargs) ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^ File "/home/brad/certbot/acme/src/acme/client.py", line 766, in post return self._post_once(args, **kwargs) ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^ File "/home/brad/certbot/acme/src/acme/client.py", line 781, in _post_once response = self._check_response(response, content_type=content_type) File "/home/brad/certbot/acme/src/acme/client.py", line 630, in _check_response raise messages.Error.from_json(jobj) acme.messages.Error: urn:ietf:params:acme:error:invalidContact :: The provided contact URI was invalid :: Unable to update account :: invalid contact: contact email has forbidden domain "example.org" ``` if you also change [this email variable](`0075104805/acme/examples/http01_example.py (L223)`) to a valid email address, the script will run successfully	2025-05-08 15:43:37 -07:00
..
http01_example.py	fixup http01_example.py (#10285 )	2025-05-08 15:43:37 -07:00

it looks like https://github.com/certbot/certbot/pull/10098 introduced a
couple bugs into this file:

1.
[RSAPrivateKeys](https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey)
don't have a `public_bytes` method
2. `cryptography.x509` wasn't imported and
[load_pem_x509_certificate](https://cryptography.io/en/latest/x509/reference/#cryptography.x509.load_pem_x509_certificate)
takes bytes, not a string

i think avoiding this is unfortunately difficult as this file has no
tests, but it was useful for me just now when testing
https://github.com/certbot/certbot/pull/10283 so i wanted to fix it up

i also changed the script to initially create the account without an
email address as the fake@example.com email causes registration with
LE's staging server to fail early in execution

with the changes in this PR changes, if you:

1. change the value of
[DOMAIN](0075104805/acme/examples/http01_example.py (L57))
to a domain pointing at your machine
2. as root, activate your certbot dev environment, and run `python
acme/examples/http01_example.py `

it will fail late in the script with:
```
Traceback (most recent call last):
  File "/home/brad/certbot/acme/examples/http01_example.py", line 237, in <module>
    example_http()
    ~~~~~~~~~~~~^^
  File "/home/brad/certbot/acme/examples/http01_example.py", line 223, in example_http
    regr = client_acme.update_registration(
        regr.update(
    ...<3 lines>...
        )
    )
  File "/home/brad/certbot/acme/src/acme/client.py", line 101, in update_registration
    updated_regr = self._send_recv_regr(regr, body=body)
  File "/home/brad/certbot/acme/src/acme/client.py", line 373, in _send_recv_regr
    response = self._post(regr.uri, body)
  File "/home/brad/certbot/acme/src/acme/client.py", line 392, in _post
    return self.net.post(*args, **kwargs)
           ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/home/brad/certbot/acme/src/acme/client.py", line 766, in post
    return self._post_once(*args, **kwargs)
           ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/home/brad/certbot/acme/src/acme/client.py", line 781, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/home/brad/certbot/acme/src/acme/client.py", line 630, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:invalidContact :: The provided contact URI was invalid :: Unable to update account :: invalid contact: contact email has forbidden domain "example.org"
```
if you also change [this email
variable](0075104805/acme/examples/http01_example.py (L223))
to a valid email address, the script will run successfully

2025-05-08 15:43:37 -07:00

http01_example.py fixup http01_example.py (#10285 ) 2025-05-08 15:43:37 -07:00