Comments (13)

mlocati avatar mlocati commented on July 21, 2024

I have the same problem.

I tested letsencrypt-nosudo with Boulder too (run letsencrypt/tests/boulder-start.sh to start it).

Here's the output of the Boulder log:

09:39:36 boulder-wfe Successful request JSON={"ID":"J6011G2LSsQMR1E1jgDKEDdfRoAhI_lqgvS06f1zgbc","ClientAddr":"[::1]:38639","Endpoint":"/directory","Method":"HEAD","RequestTime":"2015-12-21T09:39:36.386919847+01:00","ResponseTime":"2015-12-21T09:39:36.386941368+01:00","Errors":null}
09:39:36 boulder-wfe Successful request JSON={"ID":"snkb5VAv3SlHaquLokEIoe5E8_ZogDPCmQy1yU-LfSk","ClientAddr":"[::1]:38640","Endpoint":"/directory","Method":"HEAD","RequestTime":"2015-12-21T09:39:36.388670282+01:00","ResponseTime":"2015-12-21T09:39:36.388678413+01:00","Errors":null}
09:39:36 boulder-wfe Successful request JSON={"ID":"VIXj4uD04MUQmVeFcpI0rwMHGcDvYcst6LIuZ6T2OJs","ClientAddr":"[::1]:38641","Endpoint":"/directory","Method":"HEAD","RequestTime":"2015-12-21T09:39:36.397550542+01:00","ResponseTime":"2015-12-21T09:39:36.397559818+01:00","Errors":null}
09:39:41 boulder-wfe  [c>][WFE->SA.u.d55357] requesting GetRegistrationByKey({"kty":"RSA","n":"2wyEGG2jrBReBW6VMVNv3I-uP2wTPyswSClA5QbsaButQnZgxGUPiLRrqD-isy1nPO2y-gEiVC9DJ-rHNaijAfj_mN9SUBMiV2ooTcgBu4KBNC6zWcBDzCxFVPgptuXAoiHG88A3faNkHwq6U5CLiXgkROXZithRHPEP5B2dDXFTFAbTcuooZ1hx0T_16j218ZOfR9yiSjWxuy1ZbJ925DDnpUD_X-DZUTmktYQZpXi41ieIc_cUeI53V0Q_YyqhSBS_E3cD8VkkkK0pVFuCkJResXowOy0ZXlcu8I7aiq1dAwwagGB6FHhzMQJc-ZK6e8NciPC6iKB36DnxDHpgheq3CFjbul7p8L2Ip9OyPHixvFOhq7HGiRmRTzl3bNUo-F0hO25HdiiPpN1cCzRY-q4ZD-MOkGvPG5AJViP3qW5kcDxFoChU--ilZ1hcsyEuD26Q6Pg_mvRu4bnGNhmMG_OK08EZuoO0oNaeaIIR6by4kruJwfe2Z8X87LwgHyhHVbYylnowz5ZPy4DHPMrZhkmCl_eU4OxfRnVDXJd_mz63tlGAxpF-tMEbDfrc5bjzZnF_fWCqmfnv8rIg3UO0BsP7nriDyrGwBP5-uJqt6kF7n7fWkugWOa8NF9_vTAo0fmqSb7FXTbJWsFbzQHizsrfIuALO5YI8iVFySSHrem8","e":"AQAB"}) [QZTAux4uMq4]
09:39:41 activity-monitor MONITOR: {"Acknowledger":{},"Headers":null,"ContentType":"","ContentEncoding":"","DeliveryMode":0,"Priority":0,"CorrelationId":"QZTAux4uMq4","ReplyTo":"WFE-\u003eSA.u.d55357","Expiration":"30000","MessageId":"","Timestamp":"2015-12-21T09:39:41+01:00","Type":"GetRegistrationByKey","UserId":"","AppId":"","ConsumerTag":"boulder","MessageCount":0,"DeliveryTag":1,"Redelivered":false,"Exchange":"boulder","RoutingKey":"SA.server","Body":"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"}
09:39:41  boulder-sa  [s<][SA.server][WFE->SA.u.d55357] received GetRegistrationByKey({"kty":"RSA","n":"2wyEGG2jrBReBW6VMVNv3I-uP2wTPyswSClA5QbsaButQnZgxGUPiLRrqD-isy1nPO2y-gEiVC9DJ-rHNaijAfj_mN9SUBMiV2ooTcgBu4KBNC6zWcBDzCxFVPgptuXAoiHG88A3faNkHwq6U5CLiXgkROXZithRHPEP5B2dDXFTFAbTcuooZ1hx0T_16j218ZOfR9yiSjWxuy1ZbJ925DDnpUD_X-DZUTmktYQZpXi41ieIc_cUeI53V0Q_YyqhSBS_E3cD8VkkkK0pVFuCkJResXowOy0ZXlcu8I7aiq1dAwwagGB6FHhzMQJc-ZK6e8NciPC6iKB36DnxDHpgheq3CFjbul7p8L2Ip9OyPHixvFOhq7HGiRmRTzl3bNUo-F0hO25HdiiPpN1cCzRY-q4ZD-MOkGvPG5AJViP3qW5kcDxFoChU--ilZ1hcsyEuD26Q6Pg_mvRu4bnGNhmMG_OK08EZuoO0oNaeaIIR6by4kruJwfe2Z8X87LwgHyhHVbYylnowz5ZPy4DHPMrZhkmCl_eU4OxfRnVDXJd_mz63tlGAxpF-tMEbDfrc5bjzZnF_fWCqmfnv8rIg3UO0BsP7nriDyrGwBP5-uJqt6kF7n7fWkugWOa8NF9_vTAo0fmqSb7FXTbJWsFbzQHizsrfIuALO5YI8iVFySSHrem8","e":"AQAB"}) [QZTAux4uMq4]
09:39:41  boulder-sa SQL:  SELECT * FROM registrations WHERE jwk_sha256 = ? [1:"DNO3d+4C1xE3lphV0tyKywGmDssCrv6mTKj4EpHleL0="]
09:39:41  boulder-sa  [s>][SA.server][WFE->SA.u.d55357] replying GetRegistrationByKey: , RPCERR: &{No registrations with public key sha256 DNO3d+4C1xE3lphV0tyKywGmDssCrv6mTKj4EpHleL0= NoSuchRegistrationError 0} [QZTAux4uMq4]
09:39:41 activity-monitor MONITOR: {"Acknowledger":{},"Headers":null,"ContentType":"","ContentEncoding":"","DeliveryMode":0,"Priority":0,"CorrelationId":"QZTAux4uMq4","ReplyTo":"","Expiration":"30000","MessageId":"","Timestamp":"2015-12-21T09:39:41+01:00","Type":"GetRegistrationByKey","UserId":"","AppId":"","ConsumerTag":"boulder","MessageCount":0,"DeliveryTag":2,"Redelivered":false,"Exchange":"boulder","RoutingKey":"WFE-\u003eSA.u.d55357","Body":"eyJyZXR1cm5WYWwiOm51bGwsImVycm9yIjp7InZhbHVlIjoiTm8gcmVnaXN0cmF0aW9ucyB3aXRoIHB1YmxpYyBrZXkgc2hhMjU2IEROTzNkKzRDMXhFM2xwaFYwdHlLeXdHbURzc0NydjZtVEtqNEVwSGxlTDA9IiwidHlwZSI6Ik5vU3VjaFJlZ2lzdHJhdGlvbkVycm9yIn19"}
09:39:41 boulder-wfe  [c<][WFE->SA.u.d55357] response GetRegistrationByKey: , RPCERR: &{No registrations with public key sha256 DNO3d+4C1xE3lphV0tyKywGmDssCrv6mTKj4EpHleL0= NoSuchRegistrationError 0} [QZTAux4uMq4]
09:39:41 boulder-wfe Terminated request JSON={"ID":"ScagzfzWKPOrPpToNnWh9OLE3cf0R8I4PGwQ_szlwUs","ClientAddr":"[::1]:38642","Endpoint":"/acme/new-reg","Method":"POST","RequestTime":"2015-12-21T09:39:41.82590821+01:00","ResponseTime":"2015-12-21T09:39:41.833769435+01:00","Errors":["verification of JWS with the JWK failed: square/go-jose: error in cryptographic primitive; body: {\n    \"header\": {\n        \"alg\": \"RS256\", \n        \"jwk\": {\n            \"e\": \"AQAB\", \n            \"k","400 :: urn:acme:error:malformed :: JWS verification error"]}

from acme-nosudo.

mlocati avatar mlocati commented on July 21, 2024

PS: In order to use Boulder instead of the official letsencrypt server, you have to change sign_csr.py by setting CA = "http://localhost:4000".

mlocati avatar mlocati commented on July 21, 2024

I did some tests, and it seems that the n key of jwk is different from the one generated by the official letsencrypt client.

For instance, let's take this private key:

The letsencrypt client generates this header:

{
  "alg": "RS256",
  "jwk": {
    "e": "AQAB",
    "kty": "RSA",
    "n": "q2C-WauK718BJ2nIzw1465dFJwCnwHIbTUCMhHX_2uNbRYGZMNQ10trPvXljQWq1mBMBoRaIjnnqKUoVO6muSCi-6cC2jvLz20zzVmWfbMt1cdfJQeeCMkTwV-Zay1Pp9F7mMhXGWtfhnQ7YLvgEEKowxhrkiXnLgAVh_q8837pjIvSuID_UtCfL6utJkZ2ukeOwLYu7f4wSZm9r0qEmlo7Sn9CyaET523O0oGBfA-CVid8UJ7GvC66wbnVeY_jd7kQzIplHhy-oltSqAG_INSKpf29_9gtGdDPzv9d7BAsrRcQwVT_Vvpbx8DRe6WUfgvwb4RR-hZ6xSH0YrJsPAQ"
  }
}

but letsencrypt-nosudo generates this header:

{
  "alg": "RS256",
  "jwk": {
    "e": "AQAB",
    "kty": "RSA",
    "n": "tpW0eROWQMZsUVpyFirz7YtD7CbVkDEh_XQo66zXJey29lSnosouN_jeJ1xc9pvPvj5Mp28I-w95nvST_6JHVGP00lKE9UItDNPpEUk4B_0rxiOktxhTcdk0LMYOGWD-dylpCaGpTI_3yViD8hpGmYzdXM9XHIftU0xYfgqmVgEZjb3pAkZbEFqw8z_l9FrWXxnjGPviPTz0c3eLQKbFGzOn6JEBhMBhS-B6IhrZCXnHfAVqfmfoGtq5XU_xZqhCBNnUxmra2-RJBBRr2YTNQDm82tGMbdH7lkyOvex1fKhoSt2WCFdStvpyljkX1U8lv44ERJ0_gg1g7G1D0YqaLw"
  }
}

mlocati avatar mlocati commented on July 21, 2024

I filed an issue in the official letsencrypt repository, let's see...

diafygi avatar diafygi commented on July 21, 2024

@igniferroque no, the signature should not be blank. This usually happens when the signature command didn't run correctly. Did you run the commands after "STEP 3: You need to sign some more files (replace 'user.key' with your user private key)."?

@mlocati a different public key shouldn't cause a blank signature, so your issue might be a different one. Please file another bug if you see a value in the signature field in the json payload.

diafygi avatar diafygi commented on July 21, 2024

@mlocati When I tried using your public key in letsencrypt-nosudo, I got the same jwk as letsencrypt.

{
    "alg": "RS256", 
    "jwk": {
        "e": "AQAB", 
        "kty": "RSA", 
        "n": "q2C-WauK718BJ2nIzw1465dFJwCnwHIbTUCMhHX_2uNbRYGZMNQ10trPvXljQWq1mBMBoRaIjnnqKUoVO6muSCi-6cC2jvLz20zzVmWfbMt1cdfJQeeCMkTwV-Zay1Pp9F7mMhXGWtfhnQ7YLvgEEKowxhrkiXnLgAVh_q8837pjIvSuID_UtCfL6utJkZ2ukeOwLYu7f4wSZm9r0qEmlo7Sn9CyaET523O0oGBfA-CVid8UJ7GvC66wbnVeY_jd7kQzIplHhy-oltSqAG_INSKpf29_9gtGdDPzv9d7BAsrRcQwVT_Vvpbx8DRe6WUfgvwb4RR-hZ6xSH0YrJsPAQ"
    }
}

InvisibleFunction avatar InvisibleFunction commented on July 21, 2024

I copied all the referenced .json files to the machine where my private key is, ran the commands, then copied all the generated .sig files back to the same directory. I believe that's all that is required.

diafygi avatar diafygi commented on July 21, 2024

I believe if you overwrite a named temporary file with a new file, the named temporary file object in Python would have closed (causing the empty file). Can you please try writing the .sig file output directly to the open temporary files, rather than copying and overwriting them?

from acme-nosudo.
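
The file-handle behaviour behind the suggestion above, as an added example that is not part of the thread or of acme-nosudo's code: on a POSIX system, a handle opened on a named temporary file stays bound to the original inode, so a file renamed over that path is invisible to it, while a write into the existing file is visible. The helper names and the signature bytes are constructed for illustration.

```python
import os
import tempfile

SIGNATURE = b"constructed-signature-bytes"  # sample data, not a real signature


def deliver_by_replace(path, workdir):
    """Write the signature elsewhere, then rename it over the waiting path."""
    staged = os.path.join(workdir, "staged.sig")
    with open(staged, "wb") as f:
        f.write(SIGNATURE)
    os.replace(staged, path)  # the path now names a different inode


def deliver_in_place(path, workdir):
    """Open the existing path for writing, keeping the same inode."""
    with open(path, "wb") as f:
        f.write(SIGNATURE)


def observe(deliver):
    """Hold a named temp file open as a waiting script would, let `deliver`
    put bytes at its path, then report (bytes read through the open handle,
    whether the handle is stale, bytes read by re-opening the path)."""
    with tempfile.TemporaryDirectory() as workdir:
        with tempfile.NamedTemporaryFile(dir=workdir, suffix=".sig") as sig_file:
            deliver(sig_file.name, workdir)
            sig_file.seek(0)
            via_handle = sig_file.read()
            # A stale handle and the path no longer refer to the same inode.
            handle_inode = os.fstat(sig_file.fileno()).st_ino
            stale = handle_inode != os.stat(sig_file.name).st_ino
            with open(sig_file.name, "rb") as f:
                via_path = f.read()
    return via_handle, stale, via_path


if __name__ == "__main__":
    for deliver in (deliver_by_replace, deliver_in_place):
        via_handle, stale, via_path = observe(deliver)
        print(f"{deliver.__name__}: handle sees {len(via_handle)} bytes, "
              f"stale={stale}, path holds {len(via_path)} bytes")
```

A script that waits for an externally produced signature can guard against this by re-opening the path before reading and rejecting an empty result instead of submitting it.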

mlocati avatar mlocati commented on July 21, 2024

I swapped the values of n here. The correct values of my test are the ones reported at certbot/certbot#1984 (letsencrypt-nosudo generates the q2C... and official letsencrypt seems to generate tpW...).

onur avatar onur commented on July 21, 2024

I was getting the same error; make sure you run the openssl commands when the program asks for them. This fixed the issue for me and everything is running fine.

diafygi avatar diafygi commented on July 21, 2024

@igniferroque assuming you have resolved your issue.

InvisibleFunction avatar InvisibleFunction commented on July 21, 2024

Sorry, I haven't gotten back to you. I hope to have some time to try this again this weekend. Thanks for your help!

InvisibleFunction avatar InvisibleFunction commented on July 21, 2024

Overwriting the files with redirection (>) didn't work, and I suppose I should have tried to append to them (>>), but I just copied my user.key to the server and did it that way, which worked fine.
Thanks!
