Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUG# letsencrypt.sh register #23

Open
cs-network opened this issue Jun 2, 2016 · 8 comments
Open

BUG# letsencrypt.sh register #23

cs-network opened this issue Jun 2, 2016 · 8 comments

Comments

@cs-network
Copy link

Issue while registering account ike documented.
Output:

register account
unhandled response while registering account

HTTP/1.1 100 Continue
Expires: Thu, 02 Jun 2016 14:36:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 98
Replay-Nonce: 7FWDn2F7tB393-7umusDLD0VObciMtO6FjUUL2Rk8zE
Expires: Thu, 02 Jun 2016 14:36:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 02 Jun 2016 14:36:12 GMT
Connection: close

{
  "type": "urn:acme:error:malformed",
  "detail": "Invalid JWK in JWS header",
  "status": 400
}

I run thoose commands:

umask 0177
openssl genrsa -out account.key 4096
umask 0022

./letsencrypt.sh register -a account.key -e [email protected]

Any Ideas what could I change?

Thanks for your work an regards
Christian
@gheift
Copy link
Owner

gheift commented Jun 2, 2016

I cannot reproduce your error. Can you run
sh -x ./letsencrypt.sh register -a account.key -e [email protected]
and post the output?

@rcloran
Copy link

rcloran commented Jul 6, 2016

I'm seeing the same on OS X. Here's sh -x output:

+ trap 'rm -f "$RESP_HEADER" "$RESP_BODY" "$LAST_NONCE" "$LAST_NONCE_FETCH" "$OPENSSL_CONFIG" "$OPENSSL_IN" "$OPENSSL_OUT" "$OPENSSL_ERR" "$TMP_SERVER_CSR"' 0 2 3 9 11 13 15
++ mktemp -t le.44270.resp-header.XXXXXX
+ RESP_HEADER=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR
++ mktemp -t le.44270.resp-body.XXXXXX
+ RESP_BODY=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-body.XXXXXX.YUXxsCue
++ mktemp -t le.44270.nonce.XXXXXX
+ LAST_NONCE=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce.XXXXXX.MW9ii4hx
++ mktemp -t le.44270.nonce-fetch.XXXXXX
+ LAST_NONCE_FETCH=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce-fetch.XXXXXX.dSwqK0A1
++ mktemp -t le.44270.openssl.cnf.XXXXXX
+ OPENSSL_CONFIG=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.cnf.XXXXXX.gGdwIX3s
++ mktemp -t le.44270.openssl.in.XXXXXX
+ OPENSSL_IN=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.in.XXXXXX.rUx3RjHe
++ mktemp -t le.44270.openssl.out.XXXXXX
+ OPENSSL_OUT=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.out.XXXXXX.KQ5DUzyW
++ mktemp -t le.44270.openssl.err.XXXXXX
+ OPENSSL_ERR=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.err.XXXXXX.5JeU6zi3
++ mktemp -t le.44270.server.csr.XXXXXX
+ TMP_SERVER_CSR=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.server.csr.XXXXXX.mfNQoEzz
+ CA=https://acme-staging.api.letsencrypt.org
+ CA=https://acme-v01.api.letsencrypt.org
+ PROTECTED=
+ PAYLOAD=
+ SIGNATURE=
+ ACCOUNT_KEY=
+ ACCOUNT_JWK=
+ REQ_JWKS=
+ ACCOUNT_THUMB=
+ SERVER_KEY=
+ SERVER_CSR=
+ SERVER_CERT=
+ ACCOUNT_EMAIL=
+ DOMAINS=
+ DOMAIN_DATA=
+ WEBDIR=
+ PUSH_TOKEN=
+ QUIET=
+ '[' 5 -gt 0 ']'
+ ACTION=register
+ shift
+ SHOW_THUMBPRINT=0
+ case "$ACTION" in
+ getopts :hqa:e:p name
+ case "$name" in
+ ACCOUNT_KEY=account.key
+ getopts :hqa:e:p name
+ case "$name" in
+ [email protected]
+ getopts :hqa:e:p name
+ shift 4
+ case "$ACTION" in
+ load_account_key
+ '[' -n account.key ']'
+ '[' -r account.key ']'
+ openssl rsa -in account.key -noout
+ handle_openssl_exit 0 'opening account key'
+ OPENSSL_EXIT=0
+ OPENSSL_ACTION='opening account key'
+ '[' 0 '!=' 0 ']'
++ key_get_exponent account.key
++ openssl pkey -inform perm -in account.key -noout -text_pub
++ handle_openssl_exit 0 'extracting account key exponent'
++ OPENSSL_EXIT=0
++ OPENSSL_ACTION='extracting account key exponent'
++ '[' 0 '!=' 0 ']'
++ sed -e '/Exponent: / ! d; s/Exponent: [0-9]*\s\+(\(\(0\)x\([0-9]\)\|0x\)\(\([0-9][0-9]\)*\))/\2\3\4/'
++ xxd -r -p
++ base64url
++ openssl base64
++ tr +/ -_
++ tr -d '\r\n='
++ key_get_modulus account.key
++ openssl rsa -in account.key -modulus -noout
++ handle_openssl_exit 0 'extracting account key modulus'
++ OPENSSL_EXIT=0
++ OPENSSL_ACTION='extracting account key modulus'
++ '[' 0 '!=' 0 ']'
++ sed -e 's/^Modulus=//'
++ xxd -r -p
++ base64url
++ openssl base64
++ tr +/ -_
++ tr -d '\r\n='
+ ACCOUNT_JWK='{"e":"","kty":"RSA","n":"wxKdTGijXqfPQIdLCQzjgEf9W3e0St2cdpufQBJdtsXE9xKu6O-KgFeqnOZbCRYE9g8bBgIBNP8qt7kL8zBEfZMiN8D8lyRoqpnq3d8ajDghgm9HMreVVuz-9QHzQ2P_g4qPJVKrhE5FYNZ31do9mOfQFm8ef5LSbf4629jL8mgpPSi6K0OFTZ-P_znMw7YVSx7Gzj2ScL4Y8TpHm5JIBwZWIX4Z4AL4DgE0i0I2nKGBzaX7pwKw7QZoeu4tFZHAFijyV41xQ9TS0ZtzNWuDEzbj46dcLsTf-D_2PXmUDuD8XfibMY4oqhIPxJBUC-OsK0eB5YdAll9o3g7Re1ONXplpDbye3xnnaM0rbROPafFYkcPUYdsbBxjACd4q1Mq1OhI44JtRTLR07_QjHTnuN7dccZsni5vtnqSVT2exB_D0Sb-N5HT0wf1jTwm0W6WUNXlwN2Sno-LK1qUyjhnP3Fc9EfOyK4-hZkl4vNJ7Y9XIyuUsgszrXAJyfjjbUovQAZkocJevPZoIphaGNvkg0xhiY4_n_EUUpbqwpJp9QtH5cm-0ekXUOxfsCYbHg_Htx7_xI6RvRug26UAo6ogNeSxsDL-VnsL-lcXdXeoNIbSyd_vNmXmAz5wwm88RueqQ2pICJIqk81B7wz1RtcfSYEmPvtponYuTjsbBiBt9RR8"}'
+ REQ_JWKS='{"alg":"RS256","jwk":{"e":"","kty":"RSA","n":"wxKdTGijXqfPQIdLCQzjgEf9W3e0St2cdpufQBJdtsXE9xKu6O-KgFeqnOZbCRYE9g8bBgIBNP8qt7kL8zBEfZMiN8D8lyRoqpnq3d8ajDghgm9HMreVVuz-9QHzQ2P_g4qPJVKrhE5FYNZ31do9mOfQFm8ef5LSbf4629jL8mgpPSi6K0OFTZ-P_znMw7YVSx7Gzj2ScL4Y8TpHm5JIBwZWIX4Z4AL4DgE0i0I2nKGBzaX7pwKw7QZoeu4tFZHAFijyV41xQ9TS0ZtzNWuDEzbj46dcLsTf-D_2PXmUDuD8XfibMY4oqhIPxJBUC-OsK0eB5YdAll9o3g7Re1ONXplpDbye3xnnaM0rbROPafFYkcPUYdsbBxjACd4q1Mq1OhI44JtRTLR07_QjHTnuN7dccZsni5vtnqSVT2exB_D0Sb-N5HT0wf1jTwm0W6WUNXlwN2Sno-LK1qUyjhnP3Fc9EfOyK4-hZkl4vNJ7Y9XIyuUsgszrXAJyfjjbUovQAZkocJevPZoIphaGNvkg0xhiY4_n_EUUpbqwpJp9QtH5cm-0ekXUOxfsCYbHg_Htx7_xI6RvRug26UAo6ogNeSxsDL-VnsL-lcXdXeoNIbSyd_vNmXmAz5wwm88RueqQ2pICJIqk81B7wz1RtcfSYEmPvtponYuTjsbBiBt9RR8"}}'
++ echo '{"e":"","kty":"RSA","n":"wxKdTGijXqfPQIdLCQzjgEf9W3e0St2cdpufQBJdtsXE9xKu6O-KgFeqnOZbCRYE9g8bBgIBNP8qt7kL8zBEfZMiN8D8lyRoqpnq3d8ajDghgm9HMreVVuz-9QHzQ2P_g4qPJVKrhE5FYNZ31do9mOfQFm8ef5LSbf4629jL8mgpPSi6K0OFTZ-P_znMw7YVSx7Gzj2ScL4Y8TpHm5JIBwZWIX4Z4AL4DgE0i0I2nKGBzaX7pwKw7QZoeu4tFZHAFijyV41xQ9TS0ZtzNWuDEzbj46dcLsTf-D_2PXmUDuD8XfibMY4oqhIPxJBUC-OsK0eB5YdAll9o3g7Re1ONXplpDbye3xnnaM0rbROPafFYkcPUYdsbBxjACd4q1Mq1OhI44JtRTLR07_QjHTnuN7dccZsni5vtnqSVT2exB_D0Sb-N5HT0wf1jTwm0W6WUNXlwN2Sno-LK1qUyjhnP3Fc9EfOyK4-hZkl4vNJ7Y9XIyuUsgszrXAJyfjjbUovQAZkocJevPZoIphaGNvkg0xhiY4_n_EUUpbqwpJp9QtH5cm-0ekXUOxfsCYbHg_Htx7_xI6RvRug26UAo6ogNeSxsDL-VnsL-lcXdXeoNIbSyd_vNmXmAz5wwm88RueqQ2pICJIqk81B7wz1RtcfSYEmPvtponYuTjsbBiBt9RR8"}'
++ tr -d '\r\n'
++ openssl dgst -sha256 -binary
++ base64url
++ openssl base64
++ tr +/ -_
++ tr -d '\r\n='
+ ACCOUNT_THUMB=n90NpYuKZpl5aG9g7vdCLcSSNxz67UWbzLLEk_tkKVA
+ '[' -z [email protected] ']'
+ register_account_key
+ log 'register account'
+ '[' -z '' ']'
+ echo 'register account'
register account
+ NEW_REG='{"resource":"new-reg","contact":["mailto:[email protected]"],"agreement":"https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}'
+ send_req https://acme-v01.api.letsencrypt.org/acme/new-reg '{"resource":"new-reg","contact":["mailto:[email protected]"],"agreement":"https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}'
+ URI=https://acme-v01.api.letsencrypt.org/acme/new-reg
+ gen_protected
++ cat /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce.XXXXXX.MW9ii4hx
+ NONCE=
+ '[' -z '' ']'
+ curl -D /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce-fetch.XXXXXX.dSwqK0A1 -o /dev/null -s https://acme-v01.api.letsencrypt.org/directory
+ handle_curl_exit 0 https://acme-v01.api.letsencrypt.org/directory
+ CURL_EXIT=0
+ CURL_URI=https://acme-v01.api.letsencrypt.org/directory
+ '[' 0 '!=' 0 ']'
+ sed -e '/Replay-Nonce: / ! d; s/^Replay-Nonce: //' /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce-fetch.XXXXXX.dSwqK0A1
+ tr -d '\r\n'
++ cat /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce.XXXXXX.MW9ii4hx
+ NONCE=PZEAl5-fLaXLQMdEJNXJOrpqTt0zxXNBGi2EW8JUNBc
+ '[' -n PZEAl5-fLaXLQMdEJNXJOrpqTt0zxXNBGi2EW8JUNBc ']'
++ echo '{"nonce":"PZEAl5-fLaXLQMdEJNXJOrpqTt0zxXNBGi2EW8JUNBc"}'
++ tr -d '\n\r'
++ base64url
++ openssl base64
++ tr +/ -_
++ tr -d '\r\n='
+ PROTECTED=eyJub25jZSI6IlBaRUFsNS1mTGFYTFFNZEVKTlhKT3JwcVR0MHp4WE5CR2kyRVc4SlVOQmMifQ
+ echo
+ tr -d '\n\r'
++ echo '{"resource":"new-reg","contact":["mailto:[email protected]"],"agreement":"https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}'
++ base64url
++ openssl base64
++ tr +/ -_
++ tr -d '\r\n='
+ PAYLOAD=eyJyZXNvdXJjZSI6Im5ldy1yZWciLCJjb250YWN0IjpbIm1haWx0bzp3ZWJtYXN0ZXJAZXhhbXBsZS5vcmciXSwiYWdyZWVtZW50IjoiaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvZG9jdW1lbnRzL0xFLVNBLXYxLjAuMS1KdWx5LTI3LTIwMTUucGRmIn0K
+ gen_signature
+ printf %s eyJub25jZSI6IlBaRUFsNS1mTGFYTFFNZEVKTlhKT3JwcVR0MHp4WE5CR2kyRVc4SlVOQmMifQ.eyJyZXNvdXJjZSI6Im5ldy1yZWciLCJjb250YWN0IjpbIm1haWx0bzp3ZWJtYXN0ZXJAZXhhbXBsZS5vcmciXSwiYWdyZWVtZW50IjoiaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvZG9jdW1lbnRzL0xFLVNBLXYxLjAuMS1KdWx5LTI3LTIwMTUucGRmIn0K
+ openssl dgst -sha256 -binary -sign account.key
+ handle_openssl_exit 0 'signing request'
+ OPENSSL_EXIT=0
+ OPENSSL_ACTION='signing request'
+ '[' 0 '!=' 0 ']'
++ base64url
++ openssl base64
++ tr +/ -_
++ tr -d '\r\n='
+ SIGNATURE=wt_mpf6mDNVIfWg2bH0B5Zf2i_M3YSsy3lUzmuWEQtKOX5BjRb-z63Q517ixR6bmzMet5NbPGYL82zBO8Q3n2wd3N_bARJYi_pXuAfq46mKjy-GSywhKsKkj4zV7egkH6fdEiPgTkkweBIU4ugtpbDLcLWiTmO_JPzGCc_A34AnI7SPpmtBhY_IVsDFtU3QwBSQgfg_7yzF2FnxpcQYy1FOVevglwcqCErime1goSC1tDeKqeRh_aPBusD7rQ_wiYHqCVHcsFoKFUymm_IbLuvgf-RCXeNfkirfUSmFClLO_4AQQypYnU6HDSzDArE0FUsDpggJ6RKljUKdA7clvA11TLRG_PESdH2U9FY3NXsCOA5nRpx-QPf3o9koOy62GDJg4FlmlMJwWR1bDjvL-beIFxAPYtnNR--UH8PU1ADl6X3JLwTE3A6JI6XqLXhliOO9EtWrSK6aA7-QfoyEs6bjKeXbxfLNVco8-yV5TOZ8ZOxqnxC9Z7ncx_w1mf0DGUvOf-jqcdU3mU8JSf42KQ4lWt-TprDh0j7vvEbFujpKvwEMpy-2aYEmMbhAU4uGk4Pl96xT_sWho6_G-8jtqbbiipYS-sCkftnBCo52y8iV81UYKvwipLzK4bKay7iARAgWX22G32qJ-7xOGJoRF2aMTFzaHtlLRV6X92GLcySQ
+ DATA='{"header":{"alg":"RS256","jwk":{"e":"","kty":"RSA","n":"wxKdTGijXqfPQIdLCQzjgEf9W3e0St2cdpufQBJdtsXE9xKu6O-KgFeqnOZbCRYE9g8bBgIBNP8qt7kL8zBEfZMiN8D8lyRoqpnq3d8ajDghgm9HMreVVuz-9QHzQ2P_g4qPJVKrhE5FYNZ31do9mOfQFm8ef5LSbf4629jL8mgpPSi6K0OFTZ-P_znMw7YVSx7Gzj2ScL4Y8TpHm5JIBwZWIX4Z4AL4DgE0i0I2nKGBzaX7pwKw7QZoeu4tFZHAFijyV41xQ9TS0ZtzNWuDEzbj46dcLsTf-D_2PXmUDuD8XfibMY4oqhIPxJBUC-OsK0eB5YdAll9o3g7Re1ONXplpDbye3xnnaM0rbROPafFYkcPUYdsbBxjACd4q1Mq1OhI44JtRTLR07_QjHTnuN7dccZsni5vtnqSVT2exB_D0Sb-N5HT0wf1jTwm0W6WUNXlwN2Sno-LK1qUyjhnP3Fc9EfOyK4-hZkl4vNJ7Y9XIyuUsgszrXAJyfjjbUovQAZkocJevPZoIphaGNvkg0xhiY4_n_EUUpbqwpJp9QtH5cm-0ekXUOxfsCYbHg_Htx7_xI6RvRug26UAo6ogNeSxsDL-VnsL-lcXdXeoNIbSyd_vNmXmAz5wwm88RueqQ2pICJIqk81B7wz1RtcfSYEmPvtponYuTjsbBiBt9RR8"}},"protected":"eyJub25jZSI6IlBaRUFsNS1mTGFYTFFNZEVKTlhKT3JwcVR0MHp4WE5CR2kyRVc4SlVOQmMifQ","payload":"eyJyZXNvdXJjZSI6Im5ldy1yZWciLCJjb250YWN0IjpbIm1haWx0bzp3ZWJtYXN0ZXJAZXhhbXBsZS5vcmciXSwiYWdyZWVtZW50IjoiaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvZG9jdW1lbnRzL0xFLVNBLXYxLjAuMS1KdWx5LTI3LTIwMTUucGRmIn0K","signature":"wt_mpf6mDNVIfWg2bH0B5Zf2i_M3YSsy3lUzmuWEQtKOX5BjRb-z63Q517ixR6bmzMet5NbPGYL82zBO8Q3n2wd3N_bARJYi_pXuAfq46mKjy-GSywhKsKkj4zV7egkH6fdEiPgTkkweBIU4ugtpbDLcLWiTmO_JPzGCc_A34AnI7SPpmtBhY_IVsDFtU3QwBSQgfg_7yzF2FnxpcQYy1FOVevglwcqCErime1goSC1tDeKqeRh_aPBusD7rQ_wiYHqCVHcsFoKFUymm_IbLuvgf-RCXeNfkirfUSmFClLO_4AQQypYnU6HDSzDArE0FUsDpggJ6RKljUKdA7clvA11TLRG_PESdH2U9FY3NXsCOA5nRpx-QPf3o9koOy62GDJg4FlmlMJwWR1bDjvL-beIFxAPYtnNR--UH8PU1ADl6X3JLwTE3A6JI6XqLXhliOO9EtWrSK6aA7-QfoyEs6bjKeXbxfLNVco8-yV5TOZ8ZOxqnxC9Z7ncx_w1mf0DGUvOf-jqcdU3mU8JSf42KQ4lWt-TprDh0j7vvEbFujpKvwEMpy-2aYEmMbhAU4uGk4Pl96xT_sWho6_G-8jtqbbiipYS-sCkftnBCo52y8iV81UYKvwipLzK4bKay7iARAgWX22G32qJ-7xOGJoRF2aMTFzaHtlLRV6X92GLcySQ"}'
+ curl -s -d '{"header":{"alg":"RS256","jwk":{"e":"","kty":"RSA","n":"wxKdTGijXqfPQIdLCQzjgEf9W3e0St2cdpufQBJdtsXE9xKu6O-KgFeqnOZbCRYE9g8bBgIBNP8qt7kL8zBEfZMiN8D8lyRoqpnq3d8ajDghgm9HMreVVuz-9QHzQ2P_g4qPJVKrhE5FYNZ31do9mOfQFm8ef5LSbf4629jL8mgpPSi6K0OFTZ-P_znMw7YVSx7Gzj2ScL4Y8TpHm5JIBwZWIX4Z4AL4DgE0i0I2nKGBzaX7pwKw7QZoeu4tFZHAFijyV41xQ9TS0ZtzNWuDEzbj46dcLsTf-D_2PXmUDuD8XfibMY4oqhIPxJBUC-OsK0eB5YdAll9o3g7Re1ONXplpDbye3xnnaM0rbROPafFYkcPUYdsbBxjACd4q1Mq1OhI44JtRTLR07_QjHTnuN7dccZsni5vtnqSVT2exB_D0Sb-N5HT0wf1jTwm0W6WUNXlwN2Sno-LK1qUyjhnP3Fc9EfOyK4-hZkl4vNJ7Y9XIyuUsgszrXAJyfjjbUovQAZkocJevPZoIphaGNvkg0xhiY4_n_EUUpbqwpJp9QtH5cm-0ekXUOxfsCYbHg_Htx7_xI6RvRug26UAo6ogNeSxsDL-VnsL-lcXdXeoNIbSyd_vNmXmAz5wwm88RueqQ2pICJIqk81B7wz1RtcfSYEmPvtponYuTjsbBiBt9RR8"}},"protected":"eyJub25jZSI6IlBaRUFsNS1mTGFYTFFNZEVKTlhKT3JwcVR0MHp4WE5CR2kyRVc4SlVOQmMifQ","payload":"eyJyZXNvdXJjZSI6Im5ldy1yZWciLCJjb250YWN0IjpbIm1haWx0bzp3ZWJtYXN0ZXJAZXhhbXBsZS5vcmciXSwiYWdyZWVtZW50IjoiaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvZG9jdW1lbnRzL0xFLVNBLXYxLjAuMS1KdWx5LTI3LTIwMTUucGRmIn0K","signature":"wt_mpf6mDNVIfWg2bH0B5Zf2i_M3YSsy3lUzmuWEQtKOX5BjRb-z63Q517ixR6bmzMet5NbPGYL82zBO8Q3n2wd3N_bARJYi_pXuAfq46mKjy-GSywhKsKkj4zV7egkH6fdEiPgTkkweBIU4ugtpbDLcLWiTmO_JPzGCc_A34AnI7SPpmtBhY_IVsDFtU3QwBSQgfg_7yzF2FnxpcQYy1FOVevglwcqCErime1goSC1tDeKqeRh_aPBusD7rQ_wiYHqCVHcsFoKFUymm_IbLuvgf-RCXeNfkirfUSmFClLO_4AQQypYnU6HDSzDArE0FUsDpggJ6RKljUKdA7clvA11TLRG_PESdH2U9FY3NXsCOA5nRpx-QPf3o9koOy62GDJg4FlmlMJwWR1bDjvL-beIFxAPYtnNR--UH8PU1ADl6X3JLwTE3A6JI6XqLXhliOO9EtWrSK6aA7-QfoyEs6bjKeXbxfLNVco8-yV5TOZ8ZOxqnxC9Z7ncx_w1mf0DGUvOf-jqcdU3mU8JSf42KQ4lWt-TprDh0j7vvEbFujpKvwEMpy-2aYEmMbhAU4uGk4Pl96xT_sWho6_G-8jtqbbiipYS-sCkftnBCo52y8iV81UYKvwipLzK4bKay7iARAgWX22G32qJ-7xOGJoRF2aMTFzaHtlLRV6X92GLcySQ"}' -D /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR -o /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-body.XXXXXX.YUXxsCue https://acme-v01.api.letsencrypt.org/acme/new-reg
+ handle_curl_exit 0 https://acme-v01.api.letsencrypt.org/acme/new-reg
+ CURL_EXIT=0
+ CURL_URI=https://acme-v01.api.letsencrypt.org/acme/new-reg
+ '[' 0 '!=' 0 ']'
+ sed -e '/Replay-Nonce: / ! d; s/^Replay-Nonce: //' /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR
+ tr -d '\r\n'
+ check_http_status 201
+ fgrep -q 'HTTP/1.1 201 ' /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR
+ check_http_status 409
+ fgrep -q 'HTTP/1.1 409 ' /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR
+ unhandled_response 'registering account'
+ echo 'unhandled response while registering account'
unhandled response while registering account
+ echo

+ cat /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-body.XXXXXX.YUXxsCue
HTTP/1.1 100 Continue
Expires: Wed, 06 Jul 2016 03:37:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 98
Boulder-Request-Id: OzloiUNVDAYSJTjSryf3c5ibLTS4iifgyQdvh9ti-mI
Replay-Nonce: AUpQbYIfKEf9LwfnjMuJF7vH1bM-LnmhtlgvtPU_8ks
Expires: Wed, 06 Jul 2016 03:37:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Jul 2016 03:37:07 GMT
Connection: close

{
  "type": "urn:acme:error:malformed",
  "detail": "Invalid JWK in JWS header",
  "status": 400
}+ echo

+ exit 1
+ rm -f /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-body.XXXXXX.YUXxsCue /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce.XXXXXX.MW9ii4hx /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce-fetch.XXXXXX.dSwqK0A1 /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.cnf.XXXXXX.gGdwIX3s /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.in.XXXXXX.rUx3RjHe /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.out.XXXXXX.KQ5DUzyW /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.err.XXXXXX.5JeU6zi3 /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.server.csr.XXXXXX.mfNQoEzz

@bruncsak
Copy link

bruncsak commented Jul 6, 2016

The problem is with the extraction of the exponent from the key. (see: "e":"" ).
Could you give the output of the following command on your OS X system please?

openssl pkey -inform perm -in account.key -noout -text_pub | grep -i Exponent

@rcloran
Copy link

rcloran commented Jul 6, 2016 

$  openssl pkey -inform perm -in account.key -noout -text_pub | grep -i Exponent

openssl:Error: 'pkey' is an invalid command.
...
$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016

Looks like I could install a more recent openssl from homebrew which would probably fix this. Don't really have time to dig now myself, but happy to try things you tell me to :)

@bruncsak
Copy link

bruncsak commented Jul 7, 2016

Thanks for the feedback. Would you try my version please? It supposed to work with your older version of openssl as well. Please let us know how it goes.

@wolfiepawz
Copy link

I'm getting:

{
  "type": "urn:acme:error:malformed",
  "detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]",
  "status": 400
}

@kckrinke kckrinke mentioned this issue Sep 4, 2016
Open
@paulojribp
Copy link

paulojribp commented Oct 17, 2016
edited
Loading

I'm getting the same error. My exponent output is:
Exponent: 65537 (0x10001)

I'm running on Ubuntu 12.04 server.

@paulojribp
Copy link

Ok, I did this change (https://github.com/gheift/letsencrypt.sh/pull/27/files/f3b571f312b4c29b3dde77f1cb5231aa4edbb518) and seems it works.
Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@gheift @paulojribp @rcloran @wolfiepawz @cs-network @bruncsak