- Provo, UT
- https://coolaj86.com
6'5 • Technophobic Technologist + Videographer • Go, Rust, Node / VanillaJS (@JSJabber), UX, Security, IoT. Canon 24mm 50mm.
- Joined on 2017-10-24
Hey! I haven't added ECDSA support yet, but as I was doing some code cleanup in preparation for that I found a bug in the RSA PEM to JWK conversion. In certain cases it would generate the wrong thumbprint (for technical reasons related to how signed big ints are encoded in PEM/ASN.1).
Recently it seems like everyone I know and their dog is trying to use AWS to solve every problem. I even see junior devs trying to use it. It completely baffles me (though I'm from a bygone era - an old man who yells at the cloud, as it were).
Why not use something simple and easy, like DigitalOcean or Linode?
On the flip side, there's this thing called "hairpin routing" that is easy to get misconfigured, which would also cause valid IP addresses to get rejected when the requests come from inside the network.
I just took a minute to triple check and it does send the host header as configured.
Are you sure that it isn't the tool you're using to initiate the request that's sending the IP address instead of the hostname (i.e. software on the load balancer dropping the Host header)?
Give me a few hours to look into it and get back to you. Server logs don’t lie... unless they do... but it sounds like the problem is on my end so I’ll poke a bit.
Ah, but if I dig up the option to turn that check off (which does exist and I’ll consider putting in the readme), then when the requests from Let’s Encrypt come in you’ll fail the challenge.