### Install and Build miekg/dns

Source: https://github.com/letsencrypt/pebble/blob/main/vendor/github.com/miekg/dns/README.md

Instructions for installing and building the miekg/dns library using Go modules.

```bash
go get github.com/miekg/dns
go build github.com/miekg/dns
```

--------------------------------

### Start Docker Compose

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Use this command to download and start Pebble and its associated challenge-testing server using docker-compose.

```bash
docker-compose up
```

--------------------------------

### Run Challenge Server

Source: https://github.com/letsencrypt/pebble/blob/main/vendor/github.com/letsencrypt/challtestsrv/README.md

Starts the challenge server and its subservers. This should typically be run in a separate Go routine.

```go
// Start the Challenge server in its own Go routine
go challSrv.Run()
```

--------------------------------

### Set Default IPv4 for Challenge Server

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Configure the pebble-challtestsrv to respond to 'A' queries with a specific IPv4 address. This is useful for initial setup.

```bash
curl --request POST --data '{"ip":"172.20.0.1"}' http://localhost:8055/set-default-ipv4
```

--------------------------------

### Pebble Docker Compose Configuration

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Example docker-compose configuration for running Pebble, specifying the image, command, ports, environment variables, and volumes.
```yaml
services:
  pebble:
    image: ghcr.io/letsencrypt/pebble:latest
    command: -config /test/my-pebble-config.json
    ports:
      - 14000:14000  # ACME port
      - 15000:15000  # Management port
    environment:
      - PEBBLE_VA_NOSLEEP=1
    volumes:
      - ./my-pebble-config.json:/test/my-pebble-config.json
```

--------------------------------

### Run DNS-01 Challenge Only

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Example command to run the pebble-challtestsrv with only the DNS-01 challenge enabled. Other challenge types are disabled by setting their bind addresses to an empty string.

```bash
pebble-challtestsrv -http01 "" -https01 "" -tlsalpn01 ""
```

--------------------------------

### Regenerate Pebble Certificates

Source: https://github.com/letsencrypt/pebble/blob/main/test/certs/README.md

Run this command from the test/certs/ directory to regenerate all Pebble certificates. Ensure MiniCA is installed and accessible.

```bash
minica -ca-cert pebble.minica.pem \
       -ca-key pebble.minica.key.pem \
       -domains localhost,pebble \
       -ip-addresses 127.0.0.1
```

--------------------------------

### Run Pebble Server

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Execute the Pebble binary with a specified configuration file. Ensure Pebble is in your PATH or use the full path to the executable. The ACME directory will be accessible at https://localhost:14000/dir after starting.

```bash
pebble -config ./test/config/pebble-config.json
```

--------------------------------

### Run TLS-ALPN-01 Challenge Only

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Example command to run the pebble-challtestsrv with only the TLS-ALPN-01 challenge enabled. Other challenge types are disabled by setting their bind addresses to an empty string.
```bash
pebble-challtestsrv -http01 "" -https01 "" -dnsserver ""
```

--------------------------------

### Run HTTP-01 Challenge Only

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Example command to run the pebble-challtestsrv with only the HTTP-01 challenge enabled. Other challenge types are disabled by setting their bind addresses to an empty string.

```bash
pebble-challtestsrv -https01 "" -dnsserver "" -tlsalpn01 ""
```

--------------------------------

### Run HTTPS-01 Challenge Only

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Example command to run the pebble-challtestsrv with only the HTTPS-01 challenge enabled. Other challenge types are disabled by setting their bind addresses to an empty string.

```bash
pebble-challtestsrv -http01 "" -dnsserver "" -tlsalpn01 ""
```

--------------------------------

### Get Request History

Source: https://github.com/letsencrypt/pebble/blob/main/vendor/github.com/letsencrypt/challtestsrv/README.md

Retrieves the history of requests processed by the challenge server for a specific host and event type.

```go
requestHistory := challSrv.RequestHistory("example.com", challtestsrv.HTTPRequestEventType)
```

--------------------------------

### Get HTTP Request History

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Retrieves the history of HTTP requests processed by the challenge server for a given host.

```APIDOC
## POST /http-request-history

### Description
Retrieves the history of HTTP requests processed by the challenge server for a given host.

### Method
POST

### Endpoint
http://localhost:8055/http-request-history

### Parameters
#### Request Body
- **host** (string) - Required - The host to get the request history for.

### Request Example
{
  "host": "example.com"
}

### Response
#### Success Response (200)
- **URL** (string) - The URL of the request.
- **Host** (string) - The host of the request.
- **HTTPS** (boolean) - Indicates if the request was over HTTPS.
- **ServerName** (string) - The SNI value sent by the client (if HTTPS).

### Response Example
{
  "URL": "/test-whatever/dude?token=blah",
  "Host": "example.com",
  "HTTPS": true,
  "ServerName": "example-sni.com"
}
```

--------------------------------

### Retrieve CA Intermediate Certificate

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Fetch the CA's intermediate certificate using a GET request to the specified endpoint.

```bash
curl https://localhost:15000/intermediates/0
```

--------------------------------

### Retrieve CA Root Certificate Private Key

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Fetch the private key for the CA's root certificate using a GET request to the specified endpoint.

```bash
curl https://localhost:15000/root-keys/0
```

--------------------------------

### Get DNS Request History

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Retrieves the history of DNS requests processed by the challenge server for a given host.

```APIDOC
## POST /dns-request-history

### Description
Retrieves the history of DNS requests processed by the challenge server for a given host.

### Method
POST

### Endpoint
http://localhost:8055/dns-request-history

### Parameters
#### Request Body
- **host** (string) - Required - The host to get the request history for.

### Request Example
{
  "host": "example.com"
}

### Response
#### Success Response (200)
- **Question** (object) - Details of the DNS question.
  - **Name** (string) - The name queried.
  - **Qtype** (integer) - The query type.
  - **Qclass** (integer) - The query class.
### Response Example
{
  "Question": {
    "Name": "example.com.",
    "Qtype": 257,
    "Qclass": 1
  }
}
```

--------------------------------

### Get TLS-ALPN-01 Request History

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Retrieves the history of TLS-ALPN-01 requests processed by the challenge server for a given SNI host.

```APIDOC
## POST /tlsalpn01-request-history

### Description
Retrieves the history of TLS-ALPN-01 requests processed by the challenge server for a given SNI host.

### Method
POST

### Endpoint
http://localhost:8055/tlsalpn01-request-history

### Parameters
#### Request Body
- **host** (string) - Required - The SNI host to get the request history for.

### Request Example
{
  "host": "example.com"
}

### Response
#### Success Response (200)
- **ServerName** (string) - The SNI value sent by the client.
- **SupportedProtos** (array of strings) - The advertised supported next protocols.

### Response Example
{
  "ServerName": "example.com",
  "SupportedProtos": [
    "dogzrule"
  ]
}
```

--------------------------------

### Get TLS-ALPN-01 Request History

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Retrieves the history of TLS-ALPN-01 requests for a given SNI host. The output includes the ServerName and supported protocols from the TLS hello.

```bash
curl -d '{"host":"example.com"}' http://localhost:8055/tlsalpn01-request-history
```

--------------------------------

### Retrieve CA Intermediate Certificate Private Key

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Fetch the private key for the CA's intermediate certificate using a GET request to the specified endpoint.

```bash
curl https://localhost:15000/intermediate-keys/0
```

--------------------------------

### Get DNS Request History

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Retrieves the history of DNS requests processed by the challenge server for a specific host.
The output includes details about the DNS question.

```bash
curl -d '{"host":"example.com"}' http://localhost:8055/dns-request-history
```

--------------------------------

### Get HTTP Request History

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Retrieves the history of HTTP requests processed by the challenge server for a specific host. The output includes details like URL, Host, HTTPS status, and ServerName.

```bash
curl -d '{"host":"example.com"}' http://localhost:8055/http-request-history
```

--------------------------------

### Retrieve CA Root Certificate

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Fetch the CA's root certificate using a GET request to the specified endpoint. This is useful for verifying certificate trust chains in testing environments.

```bash
curl https://localhost:15000/roots/0
```

--------------------------------

### Get Certificate Serial Number

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Extract the serial number from a PEM-encoded certificate using openssl. This serial is used to query certificate status.

```bash
openssl x509 -in cert.pem -noout -serial | cut -d= -f2
```

--------------------------------

### Initialize Challenge Server

Source: https://github.com/letsencrypt/pebble/blob/main/vendor/github.com/letsencrypt/challtestsrv/README.md

Creates a new challenge server instance configured for HTTP-01 and DNS-01 challenges on specified addresses. Ensure the server is run in a Go routine.
```go
import "github.com/letsencrypt/challtestsrv"

challSrv, err := challtestsrv.New(challtestsrv.Config{
	HTTPOneAddrs: []string{":8888"},
	DNSAddrs:     []string{":9999", "10.0.0.1:9998"},
})
if err != nil {
	panic(err)
}
```

--------------------------------

### System Call Entry Points

Source: https://github.com/letsencrypt/pebble/blob/main/vendor/golang.org/x/sys/unix/README.md

These are the hand-written assembly entry points for system call dispatch in the sys/unix package. Syscall and Syscall6 handle standard calls with varying argument counts, while RawSyscall is for low-level use without scheduler interaction.

```go
func Syscall(trap, a1, a2, a3 uintptr) (r1, r2, err uintptr)
func Syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2, err uintptr)
func RawSyscall(trap, a1, a2, a3 uintptr) (r1, r2, err uintptr)
```

--------------------------------

### Run Pebble with Docker, Environment Variable, and Mount

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Run Pebble via Docker, enabling no-sleep mode and mounting a custom configuration file from the host.

```bash
docker run -p 14000:14000 -p 15000:15000 -e "PEBBLE_VA_NOSLEEP=1" --mount src=$(pwd)/my-pebble-config.json,target=/test/my-pebble-config.json,type=bind ghcr.io/letsencrypt/pebble -config /test/my-pebble-config.json
```

--------------------------------

### Pebble Challenge Test Server Usage

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Displays the available command-line flags for configuring the pebble-challtestsrv. Use this to understand how to enable/disable challenge types and set default DNS addresses.

```bash
Usage of pebble-challtestsrv:
  -defaultIPv4 string
        Default IPv4 address for DNS responses to A queries (default "127.0.0.1")
  -defaultIPv6 string
        Default IPv6 address for DNS responses to AAAA queries (default "::1")
  -dnsserver string
        Comma separated bind addresses/ports for serving DNS queries. Set empty to disable.
        (default ":8053")
  -http01 string
        Comma separated bind addresses/ports for HTTP-01 challenges. Set empty to disable. (default ":5002")
  -https01 string
        Comma separated bind addresses/ports for HTTPS HTTP-01 challenges. Set empty to disable. (default ":5003")
  -management string
        Bind address/port for management HTTP interface (default ":8055")
  -tlsalpn01 string
        Comma separated bind addresses/ports for TLS-ALPN-01 and HTTPS HTTP-01 challenges. Set empty to disable. (default ":5001")
```

--------------------------------

### Add DNS TXT Record

Source: https://github.com/letsencrypt/pebble/blob/main/vendor/github.com/letsencrypt/challtestsrv/README.md

Adds a TXT record for a given hostname, typically used for DNS-01 challenges. Deferring the deletion of the record is good practice.

```go
challSrv.AddDNSTXTRecord("_acme-challenge.example.com.", "bbb")
defer challSrv.DeleteDNSTXTRecord("_acme-challenge.example.com.")
```

--------------------------------

### Add HTTP-01 Challenge Response

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Use this command to add an HTTP-01 challenge response for a given token and content. The response will then be available via HTTP and HTTPS.

```bash
curl -d '{"token":"aaaa", "content":"bbbb"}' http://localhost:8055/add-http01
```

--------------------------------

### Run Pebble-challtestsrv Container Manually

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Manually run a single pebble-challtestsrv container, mapping all required ports.

```bash
docker run -p 5001:5001 -p 5002:5002 -p 5003:5003 -p 8053:8053 -p 8055:8055 -p 8443:8443 ghcr.io/letsencrypt/pebble-challtestsrv:latest
```

--------------------------------

### Retrieve Alternative Intermediate Certificates

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Fetch alternative intermediate certificates when PEBBLE_ALTERNATE_ROOTS is enabled. Endpoints are dynamically provided via Link headers.
```bash
curl https://localhost:15000/intermediates/2
```

--------------------------------

### Add TLS-ALPN-01 Challenge Certificate

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Adds a TLS-ALPN-01 challenge response certificate for a given host and key authorization content.

```bash
curl -d '{"host":"test-host.letsencrypt.org", "content":"foo"}' http://localhost:8055/add-tlsalpn01
```

--------------------------------

### Shutdown Challenge Server

Source: https://github.com/letsencrypt/pebble/blob/main/vendor/github.com/letsencrypt/challtestsrv/README.md

Gracefully shuts down the challenge server and all its associated subservers.

```go
// Shutdown the Challenge server
challSrv.Shutdown()
```

--------------------------------

### Configure SERVFAIL Response for DNS

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Configures the DNS server to return a SERVFAIL (Server Failure) response for all query types for a specified host. This overrides any other configured records.

```bash
curl -d '{"host":"test-host.letsencrypt.org"}' http://localhost:8055/set-servfail
```

--------------------------------

### Run Pebble with Docker and Environment Variable

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Execute Pebble using a Docker command, setting the PEBBLE_VA_NOSLEEP environment variable to disable artificial sleeps.

```bash
docker run -p 14000:14000 -p 15000:15000 -e "PEBBLE_VA_NOSLEEP=1" ghcr.io/letsencrypt/pebble
```

--------------------------------

### Retrieve Alternative Root Certificate Private Keys

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Fetch private keys for alternative root certificates when PEBBLE_ALTERNATE_ROOTS is enabled. Endpoints are dynamically provided via Link headers.
```bash
curl https://localhost:15000/root-keys/1
```

--------------------------------

### Set DNS-01 Challenge Response

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Adds a DNS-01 challenge response by setting a TXT record for the specified host with the given value. A period is required at the end of the host name.

```bash
curl -d '{"host":"_acme-challenge.test-host.letsencrypt.org.", "value": "foo"}' http://localhost:8055/set-txt
```

--------------------------------

### Retrieve Alternative Intermediate Certificate Private Keys

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Fetch private keys for alternative intermediate certificates when PEBBLE_ALTERNATE_ROOTS is enabled. Endpoints are dynamically provided via Link headers.

```bash
curl https://localhost:15000/intermediate-keys/3
```

--------------------------------

### Add HTTP-01 Challenge Response

Source: https://github.com/letsencrypt/pebble/blob/main/vendor/github.com/letsencrypt/challtestsrv/README.md

Adds a specific response for an HTTP-01 challenge identified by a token. It's recommended to defer the cleanup of this challenge.

```go
challSrv.AddHTTPOneChallenge("aaa", "bbb")
defer challSrv.DeleteHTTPOneChallenge("aaa")
```

--------------------------------

### Add TLS-ALPN-01 Challenge

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Adds a TLS-ALPN-01 challenge response certificate for a given host and key authorization content.

```APIDOC
## POST /add-tlsalpn01

### Description
Adds a TLS-ALPN-01 challenge response certificate for a given host and key authorization content.

### Method
POST

### Endpoint
http://localhost:8055/add-tlsalpn01

### Parameters
#### Request Body
- **host** (string) - Required - The host for which to add the certificate.
- **content** (string) - Required - The key authorization content.
### Request Example
{
  "host": "test-host.letsencrypt.org",
  "content": "foo"
}

### Response
#### Success Response (200)
(No specific response body documented, typically an empty success response)
```

--------------------------------

### Run Pebble Container Manually

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Manually run a single Pebble container, ensuring necessary ports are mapped to the host system.

```bash
docker run -p 14000:14000 -p 15000:15000 ghcr.io/letsencrypt/pebble:latest
```

--------------------------------

### Set DNS-01 Challenge

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Sets a DNS-01 challenge response for a given host and value.

```APIDOC
## POST /set-txt

### Description
Sets a DNS-01 challenge response for a given host and value.

### Method
POST

### Endpoint
http://localhost:8055/set-txt

### Parameters
#### Request Body
- **host** (string) - Required - The host name for the DNS record (e.g., `_acme-challenge.test-host.letsencrypt.org.`).
- **value** (string) - Required - The value for the DNS record.

### Request Example
{
  "host": "_acme-challenge.test-host.letsencrypt.org.",
  "value": "foo"
}

### Response
#### Success Response (200)
(No specific response body documented, typically an empty success response)
```

--------------------------------

### Set Orders Per Page for Pagination

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Modify the number of orders returned per page for pagination by setting the PEBBLE_WFE_ORDERS_PER_PAGE environment variable.

```bash
PEBBLE_WFE_ORDERS_PER_PAGE=15 pebble
```

--------------------------------

### Add Redirect for HTTP Requests

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Configure a redirect for incoming HTTP requests from a specified path to a target URL. Note that HTTPS requests to the same path will not be redirected to prevent loops.
```bash
curl -d '{"path":"/.well-known/whatever", "targetURL": "https://localhost:5003/ok"}' http://localhost:8055/add-redirect
```

--------------------------------

### Set Default IPv6 Address for DNS AAAA Queries

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Configures the default IPv6 address returned for 'AAAA' DNS queries when no specific record is found. This uses the management interface of pebble-challtestsrv.

```bash
curl -d '{"ip":"::1"}' http://localhost:8055/set-default-ipv6
```

--------------------------------

### CA Root and Intermediate Certificates

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Retrieve the CA's root and intermediate certificates and their corresponding private keys. These are regenerated on every launch and are primarily for testing purposes.

```APIDOC
## CA Root and Intermediate Certificates

### Description
Retrieve the CA's root and intermediate certificates and their corresponding private keys. These are regenerated on every launch and are primarily for testing purposes.

### Method
GET

### Endpoints
- `https://localhost:15000/roots/0`
- `https://localhost:15000/intermediates/0`
- `https://localhost:15000/root-keys/0`
- `https://localhost:15000/intermediate-keys/0`

### Notes
- In case alternative root chains are enabled via `PEBBLE_ALTERNATE_ROOTS`, additional endpoints like `https://localhost:15000/root-keys/1` and `https://localhost:15000/intermediates/2` may be available.
- These endpoints also send `Link` HTTP headers for all alternative root and intermediate certificates and keys.
- The length of certificate chains can be controlled using `PEBBLE_CHAIN_LENGTH`.
```

--------------------------------

### Set Default IPv4 Address for DNS A Queries

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Configures the default IPv4 address returned for 'A' DNS queries when no specific record is found.
This uses the management interface of pebble-challtestsrv.

```bash
curl -d '{"ip":"10.10.10.2"}' http://localhost:8055/set-default-ipv4
```

--------------------------------

### Add A Records for DNS Queries

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Adds one or more IPv4 addresses to be returned for 'A' DNS queries for a specified host. This is useful for testing DNS resolution with multiple IP targets.

```bash
curl -d '{"host":"test-host.letsencrypt.org", "addresses":["12.12.12.12", "13.13.13.13"]}' http://localhost:8055/add-a
```

--------------------------------

### Query Certificate Status by Serial

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Retrieve the revocation status and certificate details for a given serial number. The response is a JSON object.

```bash
curl -ki https://127.0.0.1:15000/cert-status-by-serial/66317d2e02f5d3d6
```

--------------------------------

### Enable Automatic Challenge Validation Success

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Run Pebble with the PEBBLE_VA_ALWAYS_VALID environment variable set to 1 to bypass actual validation and treat all challenge POST requests as successful. This is useful for testing.

```bash
PEBBLE_VA_ALWAYS_VALID=1 pebble
```

--------------------------------

### Add Redirect

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Adds a redirect for a specific path to a target URL. Requests to the specified path will be redirected.

```APIDOC
## POST /add-redirect

### Description
Adds a redirect for a specific path to a target URL. Requests to the specified path will be redirected.

### Method
POST

### Endpoint
http://localhost:8055/add-redirect

### Parameters
#### Request Body
- **path** (string) - Required - The path to set up the redirect for.
- **targetURL** (string) - Required - The URL to redirect to.
### Request Example
{
  "path": "/.well-known/whatever",
  "targetURL": "https://localhost:5003/ok"
}

### Response
#### Success Response (200)
(No specific response body documented, typically an empty success response)
```

--------------------------------

### Configure DNS Server for Pebble

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Specify a custom DNS server for Pebble to use during DNS-01 validation. This can help with caching and DNSSEC issues.

```bash
pebble -dnsserver 10.10.10.10:5053
```

```bash
pebble -dnsserver 8.8.8.8:53
```

```bash
pebble -dnsserver :5053
```

--------------------------------

### Configure Invalid Nonce Rejection Percentage

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Control the percentage of valid nonces that Pebble rejects as invalid using the PEBBLE_WFE_NONCEREJECT environment variable. This helps test ACME client retry logic. Set to 0 to never reject valid nonces.

```bash
PEBBLE_WFE_NONCEREJECT=90 pebble
```

```bash
PEBBLE_WFE_NONCEREJECT=0 pebble
```

--------------------------------

### Add AAAA Records for DNS Queries

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Adds one or more IPv6 addresses to be returned for 'AAAA' DNS queries for a specified host. This is useful for testing DNS resolution with multiple IPv6 targets.

```bash
curl -d '{"host":"test-host.letsencrypt.org", "addresses":["2001:4860:4860::8888", "2001:4860:4860::8844"]}' http://localhost:8055/add-aaaa
```

--------------------------------

### Set SERVFAIL Response

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Configures the DNS server to return SERVFAIL for all queries for a specified host. This overrides any other configured records for that host.

```APIDOC
## POST /set-servfail

### Description
Configures the DNS server to return SERVFAIL for all queries for a specified host.

### Method
POST

### Endpoint
http://localhost:8055/set-servfail

### Request Body
- **host** (string) - Required - The hostname for which to return SERVFAIL responses.

### Request Example
{
  "host": "test-host.letsencrypt.org"
}

### Response
#### Success Response (200)
No specific response body is detailed, indicating a successful operation.

#### Response Example
(No example provided in source)
```

--------------------------------

### Add HTTP-01 Challenge

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Adds an HTTP-01 challenge response for a given token and content. The challenge response will be available over HTTP and HTTPS.

```APIDOC
## POST /add-http01

### Description
Adds an HTTP-01 challenge response for a given token and content. The challenge response will be available over HTTP and HTTPS.

### Method
POST

### Endpoint
http://localhost:8055/add-http01

### Parameters
#### Request Body
- **token** (string) - Required - The token for the challenge.
- **content** (string) - Required - The content to serve for the challenge.

### Request Example
{
  "token": "aaaa",
  "content": "bbbb"
}

### Response
#### Success Response (200)
(No specific response body documented, typically an empty success response)
```

--------------------------------

### Add A Records

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Adds IPv4 addresses to be returned for A queries for a specified host. This allows configuring specific IP addresses for DNS A record lookups.

```APIDOC
## POST /add-a

### Description
Adds IPv4 addresses to be returned for A queries for a given host.

### Method
POST

### Endpoint
http://localhost:8055/add-a

### Request Body
- **host** (string) - Required - The hostname for which to add A records.
- **addresses** (array of strings) - Required - A list of IPv4 addresses to associate with the host.

### Request Example
{
  "host": "test-host.letsencrypt.org",
  "addresses": ["12.12.12.12", "13.13.13.13"]
}

### Response
#### Success Response (200)
No specific response body is detailed, indicating a successful operation.

#### Response Example
(No example provided in source)
```

--------------------------------

### Clear DNS-01 Challenge

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Clears a DNS-01 challenge response for a given host.

```APIDOC
## POST /clear-txt

### Description
Clears a DNS-01 challenge response for a given host.

### Method
POST

### Endpoint
http://localhost:8055/clear-txt

### Parameters
#### Request Body
- **host** (string) - Required - The host name of the DNS record to clear.

### Request Example
{
  "host": "_acme-challenge.test-host.letsencrypt.org."
}

### Response
#### Success Response (200)
(No specific response body documented, typically an empty success response)
```

--------------------------------

### Configure OCSP Responder URL in Pebble

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Set the OCSP responder URL in Pebble's configuration file. This URL will be included in issued certificates.

```json
{
  "ocspResponderURL": "http://127.0.0.1:4002"
}
```

--------------------------------

### List Orders

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Enumerate all orders for an ACME account object, with support for pagination.

```APIDOC
## List Orders

### Description
Enumerate all orders for an ACME account object, with support for pagination.

### Method
GET

### Endpoint
This endpoint is described by RFC 8555, Section 7.1.2.1. The specific path for listing orders is typically found within the ACME directory.

### Notes
- By default, three orders are returned per page. This number can be modified by setting the `PEBBLE_WFE_ORDERS_PER_PAGE` environment variable to a positive integer.
```

--------------------------------

### Test Pebble at Full Speed

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Disable artificial sleeps between challenge validation attempts by setting the PEBBLE_VA_NOSLEEP environment variable to 1. This allows testing issuance at maximum speed.

```bash
PEBBLE_VA_NOSLEEP=1 pebble -config ./test/config/pebble-config.json
```

--------------------------------

### Run Pebble with Strict Mode Disabled

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Explicitly run Pebble with strict mode disabled to maintain compatibility with existing client integration tests. This setting will change in the future.

```bash
pebble -strict false
```

--------------------------------

### Control Authorization Reuse Percentage

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Configure the likelihood of Pebble reusing valid authorizations in new orders using the PEBBLE_AUTHZREUSE environment variable. Set to 100 to always reuse authorizations.

```bash
PEBBLE_AUTHZREUSE=100 pebble
```

--------------------------------

### Clear Default IPv4 Address for DNS

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Resets the default IPv4 address for 'A' DNS queries to its unset state. This is done by sending an empty IP address to the management interface.

```bash
curl -d '{"ip":""}' http://localhost:8055/set-default-ipv4
```

--------------------------------

### Certificate Status by Serial

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

Query the status and retrieve the PEM-encoded certificate using its serial number.

```APIDOC
## Certificate Status by Serial

### Description
Query the status and retrieve the PEM-encoded certificate using its serial number.

### Method
GET

### Endpoint
`https://localhost:15000/cert-status-by-serial/`

### Parameters
#### Path Parameters
- **serial** (string) - Required - The hexadecimal representation of the certificate's serial number (no `0x` prefix).

### Response
#### Success Response (200)
- **Certificate** (string) - The certificate in PEM format.
- **Reason** (integer) - The revocation reason code, if revoked.
- **RevokedAt** (string) - The timestamp when the certificate was revoked, if revoked.
- **Serial** (string) - The serial number of the certificate.
- **Status** (string) - The status of the certificate (e.g., "Revoked").

### Request Example
curl -ki https://127.0.0.1:15000/cert-status-by-serial/66317d2e02f5d3d6

### Response Example
{
  "Certificate": "-----BEGIN CERTIFICATE-----\nMIIEVz...tcw=\n-----END CERTIFICATE-----",
  "Reason": 4,
  "RevokedAt": "2019-07-13T00:13:20.418489956+02:00",
  "Serial": "66317d2e02f5d3d6",
  "Status": "Revoked"
}
```

--------------------------------

### Add AAAA Records

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Adds IPv6 addresses to be returned for AAAA queries for a specified host. This allows configuring specific IPv6 addresses for DNS AAAA record lookups.

```APIDOC
## POST /add-aaaa

### Description
Adds IPv6 addresses to be returned for AAAA queries for a given host.

### Method
POST

### Endpoint
http://localhost:8055/add-aaaa

### Request Body
- **host** (string) - Required - The hostname for which to add AAAA records.
- **addresses** (array of strings) - Required - A list of IPv6 addresses to associate with the host.

### Request Example
{
  "host": "test-host.letsencrypt.org",
  "addresses": ["2001:4860:4860::8888", "2001:4860:4860::8844"]
}

### Response
#### Success Response (200)
No specific response body is detailed, indicating a successful operation.
#### Response Example
(No example provided in source)
```

--------------------------------

### Clear DNS-01 Challenge Response

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes the DNS-01 challenge response for the specified host.

```bash
curl -d '{"host":"_acme-challenge.test-host.letsencrypt.org."}' http://localhost:8055/clear-txt
```

--------------------------------

### Pebble Management Interface Configuration

Source: https://github.com/letsencrypt/pebble/blob/main/README.md

The management interface is configured via the 'managementListenAddress' field in pebble-config.json. The default configuration listens on all interfaces on port 15000.

```json
"managementListenAddress": "0.0.0.0:15000",
```

--------------------------------

### Set CNAME Record

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Adds or updates a CNAME record for a specified host, pointing to a target host. This is used for configuring DNS CNAME records.

```APIDOC
## POST /set-cname

### Description
Adds or updates a CNAME record for a specified host, pointing to a target host.

### Method
POST

### Endpoint
http://localhost:8055/set-cname

### Request Body
- **host** (string) - Required - The hostname for which to set the CNAME record.
- **target** (string) - Required - The target hostname for the CNAME record.

### Request Example
{
  "host": "_acme-challenge.test-host.letsencrypt.org",
  "target": "challenges.letsencrypt.org"
}

### Response
#### Success Response (200)
No specific response body is detailed, indicating a successful operation.

#### Response Example
(No example provided in source)
```

--------------------------------

### Set CNAME Record for DNS

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Sets a Canonical Name (CNAME) record for a specified host, redirecting queries to a target host. This is used for aliasing domain names.

```bash
curl -d '{"host":"_acme-challenge.test-host.letsencrypt.org", "target": "challenges.letsencrypt.org"}' http://localhost:8055/set-cname
```

--------------------------------

### Clear SERVFAIL Response

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes the SERVFAIL configuration for a specified host, allowing normal DNS record resolution to resume. This reverts the behavior set by `/set-servfail`.

```APIDOC
## POST /clear-servfail

### Description
Removes the SERVFAIL configuration for a specified host.

### Method
POST

### Endpoint
http://localhost:8055/clear-servfail

### Request Body
- **host** (string) - Required - The hostname for which to clear the SERVFAIL configuration.

### Request Example
{
  "host": "test-host.letsencrypt.org"
}

### Response
#### Success Response (200)
No specific response body is detailed, indicating a successful operation.

#### Response Example
(No example provided in source)
```

--------------------------------

### Add CAA Policy for DNS

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Adds a Certification Authority Authorization (CAA) policy for a specific host. This policy dictates which CAs are allowed to issue certificates for the domain.

```bash
curl -d '{"host":"test-host.letsencrypt.org", "policies":[{"tag":"issue","value":"letsencrypt.org"}]}' http://localhost:8055/add-caa
```

--------------------------------

### Clear SERVFAIL Response for DNS

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes the SERVFAIL configuration for a specific host, allowing normal DNS resolution to resume based on other configured records.

```bash
curl -d '{"host":"test-host.letsencrypt.org"}' http://localhost:8055/clear-servfail
```

--------------------------------

### Clear Request History

Source: https://github.com/letsencrypt/pebble/blob/main/vendor/github.com/letsencrypt/challtestsrv/README.md

Clears the recorded history of requests for a given host and event type.

```go
challSrv.ClearRequestHistory("example.com", challtestsrv.HTTPRequestEventType)
```

--------------------------------

### Remove TLS-ALPN-01 Challenge Response

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes the TLS-ALPN-01 challenge response certificate for the specified host.

```bash
curl -d '{"host":"test-host.letsencrypt.org"}' http://localhost:8055/del-tlsalpn01
```

--------------------------------

### Remove Redirect

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes a previously configured redirect for a given path.

```bash
curl -d '{"path":"/.well-known/whatever"}' http://localhost:8055/del-redirect
```

--------------------------------

### Delete TLS-ALPN-01 Challenge

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes a TLS-ALPN-01 challenge response for a given host.

```APIDOC
## POST /del-tlsalpn01

### Description
Removes a TLS-ALPN-01 challenge response for a given host.

### Method
POST

### Endpoint
http://localhost:8055/del-tlsalpn01

### Parameters
#### Request Body
- **host** (string) - Required - The host for which to remove the challenge response.

### Request Example
{
  "host": "test-host.letsencrypt.org"
}

### Response
#### Success Response (200)
(No specific response body documented, typically an empty success response)
```

--------------------------------

### Delete HTTP-01 Challenge Response

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Use this command to remove a previously added HTTP-01 challenge response for a specific token.

```bash
curl -d '{"token":"aaaa"}' http://localhost:8055/del-http01
```

--------------------------------

### Delete Redirect

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes a previously configured redirect for a given path.

```APIDOC
## POST /del-redirect

### Description
Removes a previously configured redirect for a given path.

### Method
POST

### Endpoint
http://localhost:8055/del-redirect

### Parameters
#### Request Body
- **path** (string) - Required - The path of the redirect to remove.

### Request Example
{
  "path": "/.well-known/whatever"
}

### Response
#### Success Response (200)
(No specific response body documented, typically an empty success response)
```

--------------------------------

### Set Default IPv6 Address

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Sets the default IPv6 address used for AAAA query responses when no explicit records are configured. This is useful for controlling the IP address returned for AAAA queries in test scenarios.

```APIDOC
## POST /set-default-ipv6

### Description
Sets the default IPv6 address for DNS AAAA query responses.

### Method
POST

### Endpoint
http://localhost:8055/set-default-ipv6

### Request Body
- **ip** (string) - Required - The IPv6 address to set as the default.

### Request Example
{
  "ip": "::1"
}

### Response
#### Success Response (200)
No specific response body is detailed, indicating a successful operation.

#### Response Example
(No example provided in source)
```

--------------------------------

### Clear A Records

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes all configured A records for a specified host. This is useful for cleaning up test configurations or resetting DNS records.

```APIDOC
## POST /clear-a

### Description
Removes all configured A records for a specified host.

### Method
POST

### Endpoint
http://localhost:8055/clear-a

### Request Body
- **host** (string) - Required - The hostname for which to clear A records.

### Request Example
{
  "host": "test-host.letsencrypt.org"
}

### Response
#### Success Response (200)
No specific response body is detailed, indicating a successful operation.

#### Response Example
(No example provided in source)
```

--------------------------------

### Clear A Records for DNS Queries

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes all configured IPv4 addresses for 'A' DNS queries for a specific host. This resets the DNS records for that host to their default or unset state.

```bash
curl -d '{"host":"test-host.letsencrypt.org"}' http://localhost:8055/clear-a
```

--------------------------------

### Set Default IPv4 Address

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Sets the default IPv4 address used for A query responses when no explicit records are configured. This is useful for controlling the IP address returned for A queries in test scenarios.

```APIDOC
## POST /set-default-ipv4

### Description
Sets the default IPv4 address for DNS A query responses.

### Method
POST

### Endpoint
http://localhost:8055/set-default-ipv4

### Request Body
- **ip** (string) - Required - The IPv4 address to set as the default.

### Request Example
{
  "ip": "10.10.10.2"
}

### Response
#### Success Response (200)
No specific response body is detailed, indicating a successful operation.

#### Response Example
(No example provided in source)
```

--------------------------------

### Add CAA Records

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Adds a CAA policy for a specified host. This allows configuring which certificate authorities are permitted to issue certificates for a domain.

```APIDOC
## POST /add-caa

### Description
Adds a CAA policy for a specified host.

### Method
POST

### Endpoint
http://localhost:8055/add-caa

### Request Body
- **host** (string) - Required - The hostname for which to add a CAA policy.
- **policies** (array of objects) - Required - A list of CAA policies to apply.
  - **tag** (string) - Required - The CAA tag (e.g., "issue").
  - **value** (string) - Required - The value for the CAA tag (e.g., "letsencrypt.org").

### Request Example
{
  "host": "test-host.letsencrypt.org",
  "policies": [{"tag": "issue", "value": "letsencrypt.org"}]
}

### Response
#### Success Response (200)
No specific response body is detailed, indicating a successful operation.

#### Response Example
(No example provided in source)
```

--------------------------------

### Clear AAAA Records for DNS Queries

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes all configured IPv6 addresses for 'AAAA' DNS queries for a specific host. This resets the DNS records for that host to their default or unset state.

```bash
curl -d '{"host":"test-host.letsencrypt.org"}' http://localhost:8055/clear-aaaa
```

--------------------------------

### Delete HTTP-01 Challenge

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Deletes an HTTP-01 challenge response for a given token.

```APIDOC
## POST /del-http01

### Description
Deletes an HTTP-01 challenge response for a given token.

### Method
POST

### Endpoint
http://localhost:8055/del-http01

### Parameters
#### Request Body
- **token** (string) - Required - The token of the challenge to delete.

### Request Example
{
  "token": "aaaa"
}

### Response
#### Success Response (200)
(No specific response body documented, typically an empty success response)
```

--------------------------------

### Clear CAA Policy for DNS

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes all configured CAA policies for a specific host. This effectively allows any CA to issue certificates for the domain, subject to other DNS records.

```bash
curl -d '{"host":"test-host.letsencrypt.org"}' http://localhost:8055/clear-caa
```

--------------------------------

### Clear CNAME Record for DNS

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes a configured CNAME record for a specific host. This stops the DNS alias, and subsequent queries will resolve based on other records.

```bash
curl -d '{"host":"_acme-challenge.test-host.letsencrypt.org", "target": "challenges.letsencrypt.org"}' http://localhost:8055/clear-cname
```

--------------------------------

### Clear CNAME Record

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes a CNAME record for a specified host. This is used for cleaning up CNAME record configurations.

```APIDOC
## POST /clear-cname

### Description
Removes a CNAME record for a specified host.

### Method
POST

### Endpoint
http://localhost:8055/clear-cname

### Request Body
- **host** (string) - Required - The hostname for which to clear the CNAME record.
- **target** (string) - Required - The target hostname of the CNAME record to remove.

### Request Example
{
  "host": "_acme-challenge.test-host.letsencrypt.org",
  "target": "challenges.letsencrypt.org"
}

### Response
#### Success Response (200)
No specific response body is detailed, indicating a successful operation.

#### Response Example
(No example provided in source)
```

--------------------------------

### Clear Request History

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Clears the request history for a specific host and request type (http, dns, or tlsalpn).

```bash
curl -d '{"host":"example.com", "type":"http"}' http://localhost:8055/clear-request-history
```

```bash
curl -d '{"host":"example.com", "type":"dns"}' http://localhost:8055/clear-request-history
```

```bash
curl -d '{"host":"example.com", "type":"tlsalpn"}' http://localhost:8055/clear-request-history
```

--------------------------------

### Clear AAAA Records

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes all configured AAAA records for a specified host. This is useful for cleaning up test configurations or resetting DNS records.

```APIDOC
## POST /clear-aaaa

### Description
Removes all configured AAAA records for a specified host.

### Method
POST

### Endpoint
http://localhost:8055/clear-aaaa

### Request Body
- **host** (string) - Required - The hostname for which to clear AAAA records.

### Request Example
{
  "host": "test-host.letsencrypt.org"
}

### Response
#### Success Response (200)
No specific response body is detailed, indicating a successful operation.

#### Response Example
(No example provided in source)
```

--------------------------------

### Clear CAA Records

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Removes all configured CAA policies for a specified host. This is useful for resetting CAA record configurations.

```APIDOC
## POST /clear-caa

### Description
Removes all configured CAA policies for a specified host.

### Method
POST

### Endpoint
http://localhost:8055/clear-caa

### Request Body
- **host** (string) - Required - The hostname for which to clear CAA policies.

### Request Example
{
  "host": "test-host.letsencrypt.org"
}

### Response
#### Success Response (200)
No specific response body is detailed, indicating a successful operation.

#### Response Example
(No example provided in source)
```

--------------------------------

### Clear Request History

Source: https://github.com/letsencrypt/pebble/blob/main/cmd/pebble-challtestsrv/README.md

Clears the request history for a specified host and type (http, dns, or tlsalpn).

```APIDOC
## POST /clear-request-history

### Description
Clears the request history for a specified host and type (http, dns, or tlsalpn).

### Method
POST

### Endpoint
http://localhost:8055/clear-request-history

### Parameters
#### Request Body
- **host** (string) - Required - The host to clear the request history for.
- **type** (string) - Required - The type of history to clear (e.g., "http", "dns", "tlsalpn").

### Request Example
{
  "host": "example.com",
  "type": "http"
}

### Response
#### Success Response (200)
(No specific response body documented, typically an empty success response)
```