mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 12:21:31 +00:00
shankar0123
d364ace02a
Phase 2 SEC-M4 (commit 5062624) added a fail-closed pairing requirement: when CERTCTL_ACME_INSECURE=true, the server refuses to start unless CERTCTL_ACME_INSECURE_ACK=true is also set. The integration test compose at deploy/docker-compose.test.yml has been setting CERTCTL_ACME_INSECURE=true (correct — Pebble's self-signed ACME directory needs TLS verification disabled) but never set the paired ACK, so the certctl-test-server container restart-loops with: Failed to load configuration: phase-2 SEC-M4 fail-closed guard: CERTCTL_ACME_INSECURE=true but CERTCTL_ACME_INSECURE_ACK is not true — refuse to start. This breaks the deploy-vendor-e2e CI job that exercises the EST/ACME integration stack. Fix: set CERTCTL_ACME_INSECURE_ACK=true alongside the existing CERTCTL_ACME_INSECURE=true. The ACK posture is correct here because the integration suite is built around Pebble's self-signed directory — that's the design. The guard's purpose (block accidental production deploys with TLS verify disabled) is preserved by the ACK still being explicit per-environment, not a fail-open default.