The nonce is fetched via HEAD request. Before this fix, if there was a
HTTP error, acme4j expected a Problem JSON body, which was not send
because of the HEAD request, and lead to an AcmeProtocolException.
Now either an AcmeException or AcmeRetryAfterException is thrown.
- Updated to the latest pebble and challtestsrv images
- Could not use the docker images as intended, because I found no way to
let the docker-maven-plugin setup a network with fixed IP addresses.
The original images are based on scratch, so getent is not present
there. The only fix was to build own images based on alpine, and copy
the apps from the original images. Ugly, but working.
- Fixed broken integration tests
- Fixed an old bug: DNS records were removed with two trailing full
stops.
ssl.com requires EAB for account creation, but the metadata's
"externalAccountRequired" property gives "false", indicating that no EAB
is used.
This fix patches the read directory's metadata if the ssl.com provider
is used.
I like to avoid having different examples for different CAs or
scenarios, as it takes unnecessary time to keep them in sync and
updated.
For this reason, I merged both examples back in a single example again,
which now also handles EAB if necessary.
I also used a generic example CA (example.org) so no CA is favored in
the source code. The desired connection URI must now be configured
first, in order to make the example run.
The documentation was updated accordingly. Rationale is that I don't
want the documentation to be cluttered with all possible CAs, so none of
them is favored now.
These tests will fail if the directory URLs are changed, or if a
relevant part of the directory changes. If one of the tests should fail,
acme4j will need to be updated to the new directory URL or structure.
These are genuine functionality changes, and may represent unexpected
impact. Having two CNs doesn't seem right, but that case is tested so
I'm leaving that here for discussion's sake.
The other test case doesn't have a CN anymore, as expected
Required by Java as well as the Baseline Requirements, RFC5280, etc.
If the subject field of the certificate is an empty SEQUENCE, this
extension MUST be marked critical, as specified in RFC 5280, Section
4.2.1.6. Otherwise, this extension MUST NOT be marked critical.
- Rearranged all chapters. It makes content easier to find, as it is not
buried in unrelated information now.
- Reviewed the content.
- Fixed broken links.
- Added documentation about Renewal Information and Exceptions
