The ssl.com staging server's certificate seems to be unmonitored,
causing the acme4j build chain to break from time to time when their
certificate has expired. As this is blocking development, I have
decided to disable all related unit tests, and add a corresponding
note to the documentation.
The acme4j ssl.com provider is marked as experimental now, since it
is not fully covered by unit tests anymore.
The nonce is fetched via HEAD request. Before this fix, if there was a
HTTP error, acme4j expected a Problem JSON body, which was not send
because of the HEAD request, and lead to an AcmeProtocolException.
Now either an AcmeException or AcmeRetryAfterException is thrown.
- Updated to the latest pebble and challtestsrv images
- Could not use the docker images as intended, because I found no way to
let the docker-maven-plugin setup a network with fixed IP addresses.
The original images are based on scratch, so getent is not present
there. The only fix was to build own images based on alpine, and copy
the apps from the original images. Ugly, but working.
- Fixed broken integration tests
- Fixed an old bug: DNS records were removed with two trailing full
stops.
ssl.com requires EAB for account creation, but the metadata's
"externalAccountRequired" property gives "false", indicating that no EAB
is used.
This fix patches the read directory's metadata if the ssl.com provider
is used.
I like to avoid having different examples for different CAs or
scenarios, as it takes unnecessary time to keep them in sync and
updated.
For this reason, I merged both examples back in a single example again,
which now also handles EAB if necessary.
I also used a generic example CA (example.org) so no CA is favored in
the source code. The desired connection URI must now be configured
first, in order to make the example run.
The documentation was updated accordingly. Rationale is that I don't
want the documentation to be cluttered with all possible CAs, so none of
them is favored now.
These tests will fail if the directory URLs are changed, or if a
relevant part of the directory changes. If one of the tests should fail,
acme4j will need to be updated to the new directory URL or structure.