implement ACME external account binding (EAB)

where a new acme account is created with a reference to an existing non-acme
account known by the acme provider. some acme providers require this.
This commit is contained in:
Mechiel Lukkien
2023-12-22 10:34:55 +01:00
parent db3fef4981
commit ee1094e1cb
5 changed files with 65 additions and 10 deletions

View File

@ -101,6 +101,22 @@ describe-static" and "mox config describe-domains":
# Encrypt, this value is set automatically to letsencrypt.org. (optional)
IssuerDomainName:
# ACME providers can require that a request for a new ACME account reference an
# existing non-ACME account known to the provider. External account binding
# references that account by a key id, and authorizes new ACME account requests by
# signing it with a key known both by the ACME client and ACME provider.
# (optional)
ExternalAccountBinding:
# Key identifier, from ACME provider.
KeyID:
# File containing the base64url-encoded key used to sign account requests with
# external account binding. The ACME provider will verify the account request is
# correctly signed by the key. File is evaluated relative to the directory of
# mox.conf.
KeyFile:
# File containing hash of admin password, for authentication in the web admin
# pages (if enabled). (optional)
AdminPasswordFile: