From c703ebce4814d71ab7ebfc074d19b8d2c4c4bbdf Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Wed, 20 Jan 2016 07:10:21 -0500
Subject: Fetch nonce instead of hard-coding it
---
 acme.hs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/acme.hs b/acme.hs
index 2f8138c..f8e92e3 100644
--- a/acme.hs
+++ b/acme.hs
@@ -17,6 +17,7 @@ import qualified Data.ByteString.Lazy as LB
 import qualified Data.ByteString.Base64.URL as Base64
 import Data.Digest.Pure.SHA (bytestringDigest, sha256)
 import Data.Text.Encoding (decodeUtf8)
+import qualified Data.Text as T
 import OpenSSL.EVP.PKey
 import OpenSSL.PEM (readPublicKey)
 import OpenSSL.RSA
@@ -31,6 +32,9 @@ main = do
 case toPublicKey userKey_ of
 Nothing -> error "Not a public RSA key."
 Just (userKey :: RSAPubKey) -> do
+
+ nonce_ <- view (responseHeader "Replay-Nonce" . to (T.unpack . decodeUtf8)) <$> get "https://acme-v01.api.letsencrypt.org/directory"
+
 let protected = b64 (header userKey nonce_)
 -- Create user account
@@ -65,9 +69,6 @@ main = do
 domain :: String
 domain = "aaa.reesd.com"
- nonce_ :: String
- nonce_ = "ckYlMQ7BflfUb7HmxipdSpnkFle83-8lUkn50U-X97Q"
-
 terms :: String
 terms = "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
-- 
cgit v1.2.3
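Review bot: A directory response without a `Replay-Nonce` header produces an empty nonce on the added `nonce_ <- view (...)` line instead of a failure, because `view` over wreq's `responseHeader` traversal folds zero matches to `mempty`; `protected` is then built with `""` and the problem only shows up later as a rejection from the server. Using `preview` and failing on `Nothing` makes the missing header explicit, in the same style as the existing "Not a public RSA key." check: `nonce_ <- maybe (error "No Replay-Nonce header in response.") return . preview (responseHeader "Replay-Nonce" . to (T.unpack . decodeUtf8)) =<< get "https://acme-v01.api.letsencrypt.org/directory"`. ACME nonces are single-use, so if `protected` is reused for more than one signed request in the part of `main` that continues outside this hunk, every request after the first would need the nonce from the preceding response's `Replay-Nonce` header; that should be confirmed against the rest of the function. A short comment above the fetch, such as `-- Anti-replay nonce for the JWS protected header; valid for one request only`, would record that constraint for later edits.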