Post AX2q7Zb0DbcOAGo6FM by neganeko@ryona.agency
(DIR) Post #AX1rQOwPxgrzPzPDbk by mint@ryona.agency
2023-06-24T21:35:04.849758Z
0 likes, 2 repeats
Yeah, maybe writing an acme client in pure sh wasn't the best idea. https://github.com/acmesh-official/acme.sh/issues/4659
(DIR) Post #AX1slONFMkOph6WnEO by neko@ryona.agency
2023-06-24T21:50:04.347931Z
2 likes, 1 repeats
@mint fuck, I used this on my old server. I've had more success with openbsd's acme-client though
(DIR) Post #AX1toETGjzpXnuGMjY by mint@ryona.agency
2023-06-24T22:01:45.704268Z
1 likes, 1 repeats
@neko The issue seems to be with a singular CA with a jury-rigged ACME server and is fixed at least in the base script. That CA immediately closed down after that for some reason. Can't say if it can't be exploited with dozens of hooks for DNS hosters, though.
(DIR) Post #AX1u7Iv8QERb6cOJGq by gray@ryona.agency
2023-06-24T22:05:19.637958Z
1 likes, 1 repeats
@mint @neko used acme for my instance too. I neglected it and the certs expired though
(DIR) Post #AX2q7Zb0DbcOAGo6FM by neganeko@ryona.agency
2023-06-25T08:55:11.674769Z
1 likes, 1 repeats
@mint @neko :laugh: what is even going on here
> used exec to get better error messages
the fuck
I guess the only redeeming detail is that hopefully CAs are trustworthy so hopefully none of them would take advantage of this RCE vuln so hopefully no actual exploits happened in practice... or HiCA sold an exploit service. who knows
screenshot_2023-06-25_acmesh_hi…
screenshot_2023-06-25_acmesh_ex…