Skip to content

Add revoke API implementation to ACME API #468

Closed
@rfranks-securenet

Description

@rfranks-securenet

Subject of the issue

When using the vancluever/acme Terraform provider, cert creation works fine, but revoking results in 404 error

Your environment

  • OS - CentOS 7
  • Version - Smallstep CA/0.15.4 (linux/amd64)

Steps to reproduce

  1. Set up step-ca with ACME provisioner.
  2. Use vancluever/acme terraform provider to create a certificate (example config below)
  3. Use Terraform destroy.
provider "acme" {
  server_url = "https://acme.example.com/acme/acme/directory"
}
resource "acme_certificate" "certificate" {
  account_key_pem           = "--PEM-DATA--"
  common_name               = "test.example.com"
  subject_alternative_names = ["test.example.com"]
}

Expected behaviour

Certificate should be revoked.

Actual behaviour

404 error on certificate revocation.

Error from Terraform:
Error: 404 ::POST :: https://acme.example.com/acme/acme/revoke-cert :: invalid character 'p' after top-level value :: 404 page not found

Error from StepCA:
Feb 09 14:36:09 centos.example.com step-ca[17512]: time="2021-02-09T14:36:09Z" level=warning duration="22.498µs" duration-ns=22498 fields.time="2021-02-09T14:36:09Z" method=POST name=ca path=/acme/acme/revoke-cert protocol=HTTP/1.1 referer= remote-address=10.20.30.40 request-id=c0h9rme5jd28fp3kbtp0 size=19 status=404 user-agent="xenolf-acme/4.1.3 (release; linux; amd64)" user-id=

Additional context

The ACME provider in Terraform uses the lego library, which is included in the compatible libraries.

Any help to turn on more debugging, or work out what is going on would be much appreciated.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions