Description
I am having issues revoking certificates. I am getting "The certificate being revoked is not associated with account" as an error.
authorizedToRevoke := func(cert *core.Certificate) *acme.ProblemDetails {
if cert.AccountID == existingAcct.ID {
return nil
}
return acme.UnauthorizedProblem(
fmt.Sprintf(
"The certificate being revoked is not associated with account %q",
existingAcct.ID))
I was able to modify pebble locally to print out the accountId associated with the certificate. It appears to be blank. I am unsure how this is happening.
The certificate being revoked is not associated with account \\\\\\\"6c3d1863562d6c90\\\\\\\", cert account: \\\\\\\"\\\\\\\"\\\")
log output:
for order:
protected Header { alg: Es256, key: KeyId(\"https://TestELB.elb.us-west-2.amazonaws.com/my-account/6c3d1863562d6c90\"), nonce: Some(\"8Tq8uN5L_Qjn-TT3fs6Kjw\"), url: \"https://TestELB.elb.us-west-2.amazonaws.com/order-plz\" }"
for revoke:
protected Header { alg: Es256, key: KeyId(\"https://TestELB.elb.us-west-2.amazonaws.com/my-account/6c3d1863562d6c90\"), nonce: Some(\"28T954H3O91KG7Hfdn0w0g\"), url: \"https://TestELB.elb.us-west-2.amazonaws.com/revoke-cert\" }"
based on the pebble logs, it looks like it is associated the account to the cert order correctly
Pebble 2024/12/20 17:38:21 Listening on: 0.0.0.0:14000
Pebble 2024/12/20 17:38:21 ACME directory available at: https://0.0.0.0:14000/dir
Pebble 2024/12/20 17:38:59 GET /dir -> calling handler()
Pebble 2024/12/20 17:39:00 HEAD /nonce-plz -> calling handler()
Pebble 2024/12/20 17:39:00 POST /sign-me-up -> calling handler()
Pebble 2024/12/20 17:39:00 There are now 1 accounts in memory
Pebble 2024/12/20 17:39:45 GET /dir -> calling handler()
Pebble 2024/12/20 17:39:46 HEAD /nonce-plz -> calling handler()
Pebble 2024/12/20 17:39:46 POST /order-plz -> calling handler()
Pebble 2024/12/20 17:39:46 There are now 1 authorizations in the db
Pebble 2024/12/20 17:39:46 Added order "WljDDigaU6WTbeQFdeq1l1tUnrgTbKBVA8603n0LItA" to the db
Pebble 2024/12/20 17:39:46 There are now 1 orders in the db
Pebble 2024/12/20 17:39:46 POST /authZ/ -> calling handler()
Pebble 2024/12/20 17:39:47 POST /chalZ/ -> calling handler()
Pebble 2024/12/20 17:39:47 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"firstone.com"}, Challenge:(*core.Challenge)(0xc0003de960), Account:(*core.Account)(0xc0000fb920), AccountURL:"https://localhost:14000/my-account/6c3d1863562d6c90", Wildcard:false}
Pebble 2024/12/20 17:39:47 Starting 3 validations.
Pebble 2024/12/20 17:39:47 Sleeping for 1s seconds before validating
Pebble 2024/12/20 17:39:47 Sleeping for 4s seconds before validating
Pebble 2024/12/20 17:39:47 Sleeping for 1s seconds before validating
Pebble 2024/12/20 17:39:48 PEBBLE_VA_ALWAYS_VALID is enabled. Skipping real validation of challenge 9lzZcmyVfP1XzE3wnSajVUPnS9KsQmkSNYF0Sb9QPa0
Pebble 2024/12/20 17:39:48 PEBBLE_VA_ALWAYS_VALID is enabled. Skipping real validation of challenge 9lzZcmyVfP1XzE3wnSajVUPnS9KsQmkSNYF0Sb9QPa0
Pebble 2024/12/20 17:39:51 POST /authZ/ -> calling handler()
Pebble 2024/12/20 17:39:51 PEBBLE_VA_ALWAYS_VALID is enabled. Skipping real validation of challenge 9lzZcmyVfP1XzE3wnSajVUPnS9KsQmkSNYF0Sb9QPa0
Pebble 2024/12/20 17:39:51 authz 0uCyNyR6Q8FvQ9MN8-DoaW4loBvdwO1H3TN7jc1CqDs set VALID by completed challenge 9lzZcmyVfP1XzE3wnSajVUPnS9KsQmkSNYF0Sb9QPa0
Pebble 2024/12/20 17:39:58 POST /authZ/ -> calling handler()
Pebble 2024/12/20 17:39:59 POST /finalize-order/ -> calling handler()
Pebble 2024/12/20 17:39:59 Order WljDDigaU6WTbeQFdeq1l1tUnrgTbKBVA8603n0LItA is fully authorized. Processing finalization
Pebble 2024/12/20 17:39:59 Issued certificate serial 2e0596daeb07e65d for order WljDDigaU6WTbeQFdeq1l1tUnrgTbKBVA8603n0LItA
Pebble 2024/12/20 17:39:59 POST /my-order/ -> calling handler()