Comments (13)
I have the same problem.
I tested letsencrypt-nosudo with Boulder too (run letsencrypt/tests/boulder-start.sh to start it).
Here's the output of Boulder log:
09:39:36 boulder-wfe Successful request JSON={"ID":"J6011G2LSsQMR1E1jgDKEDdfRoAhI_lqgvS06f1zgbc","ClientAddr":"[::1]:38639","Endpoint":"/directory","Method":"HEAD","RequestTime":"2015-12-21T09:39:36.386919847+01:00","ResponseTime":"2015-12-21T09:39:36.386941368+01:00","Errors":null}
09:39:36 boulder-wfe Successful request JSON={"ID":"snkb5VAv3SlHaquLokEIoe5E8_ZogDPCmQy1yU-LfSk","ClientAddr":"[::1]:38640","Endpoint":"/directory","Method":"HEAD","RequestTime":"2015-12-21T09:39:36.388670282+01:00","ResponseTime":"2015-12-21T09:39:36.388678413+01:00","Errors":null}
09:39:36 boulder-wfe Successful request JSON={"ID":"VIXj4uD04MUQmVeFcpI0rwMHGcDvYcst6LIuZ6T2OJs","ClientAddr":"[::1]:38641","Endpoint":"/directory","Method":"HEAD","RequestTime":"2015-12-21T09:39:36.397550542+01:00","ResponseTime":"2015-12-21T09:39:36.397559818+01:00","Errors":null}
09:39:41 boulder-wfe [c>][WFE->SA.u.d55357] requesting GetRegistrationByKey({"kty":"RSA","n":"2wyEGG2jrBReBW6VMVNv3I-uP2wTPyswSClA5QbsaButQnZgxGUPiLRrqD-isy1nPO2y-gEiVC9DJ-rHNaijAfj_mN9SUBMiV2ooTcgBu4KBNC6zWcBDzCxFVPgptuXAoiHG88A3faNkHwq6U5CLiXgkROXZithRHPEP5B2dDXFTFAbTcuooZ1hx0T_16j218ZOfR9yiSjWxuy1ZbJ925DDnpUD_X-DZUTmktYQZpXi41ieIc_cUeI53V0Q_YyqhSBS_E3cD8VkkkK0pVFuCkJResXowOy0ZXlcu8I7aiq1dAwwagGB6FHhzMQJc-ZK6e8NciPC6iKB36DnxDHpgheq3CFjbul7p8L2Ip9OyPHixvFOhq7HGiRmRTzl3bNUo-F0hO25HdiiPpN1cCzRY-q4ZD-MOkGvPG5AJViP3qW5kcDxFoChU--ilZ1hcsyEuD26Q6Pg_mvRu4bnGNhmMG_OK08EZuoO0oNaeaIIR6by4kruJwfe2Z8X87LwgHyhHVbYylnowz5ZPy4DHPMrZhkmCl_eU4OxfRnVDXJd_mz63tlGAxpF-tMEbDfrc5bjzZnF_fWCqmfnv8rIg3UO0BsP7nriDyrGwBP5-uJqt6kF7n7fWkugWOa8NF9_vTAo0fmqSb7FXTbJWsFbzQHizsrfIuALO5YI8iVFySSHrem8","e":"AQAB"}) [QZTAux4uMq4]
09:39:41 activity-monitor MONITOR: {"Acknowledger":{},"Headers":null,"ContentType":"","ContentEncoding":"","DeliveryMode":0,"Priority":0,"CorrelationId":"QZTAux4uMq4","ReplyTo":"WFE-\u003eSA.u.d55357","Expiration":"30000","MessageId":"","Timestamp":"2015-12-21T09:39:41+01:00","Type":"GetRegistrationByKey","UserId":"","AppId":"","ConsumerTag":"boulder","MessageCount":0,"DeliveryTag":1,"Redelivered":false,"Exchange":"boulder","RoutingKey":"SA.server","Body":"eyJrdHkiOiJSU0EiLCJuIjoiMnd5RUdHMmpyQlJlQlc2Vk1WTnYzSS11UDJ3VFB5c3dTQ2xBNVFic2FCdXRRblpneEdVUGlMUnJxRC1pc3kxblBPMnktZ0VpVkM5REotckhOYWlqQWZqX21OOVNVQk1pVjJvb1RjZ0J1NEtCTkM2eldjQkR6Q3hGVlBncHR1WEFvaUhHODhBM2ZhTmtId3E2VTVDTGlYZ2tST1haaXRoUkhQRVA1QjJkRFhGVEZBYlRjdW9vWjFoeDBUXzE2ajIxOFpPZlI5eWlTald4dXkxWmJKOTI1RERucFVEX1gtRFpVVG1rdFlRWnBYaTQxaWVJY19jVWVJNTNWMFFfWXlxaFNCU19FM2NEOFZra2tLMHBWRnVDa0pSZXNYb3dPeTBaWGxjdThJN2FpcTFkQXd3YWdHQjZGSGh6TVFKYy1aSzZlOE5jaVBDNmlLQjM2RG54REhwZ2hlcTNDRmpidWw3cDhMMklwOU95UEhpeHZGT2hxN0hHaVJtUlR6bDNiTlVvLUYwaE8yNUhkaWlQcE4xY0N6UlktcTRaRC1NT2tHdlBHNUFKVmlQM3FXNWtjRHhGb0NoVS0taWxaMWhjc3lFdUQyNlE2UGdfbXZSdTRibkdOaG1NR19PSzA4RVp1b08wb05hZWFJSVI2Ynk0a3J1SndmZTJaOFg4N0x3Z0h5aEhWYll5bG5vd3o1WlB5NERIUE1yWmhrbUNsX2VVNE94ZlJuVkRYSmRfbXo2M3RsR0F4cEYtdE1FYkRmcmM1Ymp6Wm5GX2ZXQ3FtZm52OHJJZzNVTzBCc1A3bnJpRHlyR3dCUDUtdUpxdDZrRjduN2ZXa3VnV09hOE5GOV92VEFvMGZtcVNiN0ZYVGJKV3NGYnpRSGl6c3JmSXVBTE81WUk4aVZGeVNTSHJlbTgiLCJlIjoiQVFBQiJ9"}
09:39:41 boulder-sa [s<][SA.server][WFE->SA.u.d55357] received GetRegistrationByKey({"kty":"RSA","n":"2wyEGG2jrBReBW6VMVNv3I-uP2wTPyswSClA5QbsaButQnZgxGUPiLRrqD-isy1nPO2y-gEiVC9DJ-rHNaijAfj_mN9SUBMiV2ooTcgBu4KBNC6zWcBDzCxFVPgptuXAoiHG88A3faNkHwq6U5CLiXgkROXZithRHPEP5B2dDXFTFAbTcuooZ1hx0T_16j218ZOfR9yiSjWxuy1ZbJ925DDnpUD_X-DZUTmktYQZpXi41ieIc_cUeI53V0Q_YyqhSBS_E3cD8VkkkK0pVFuCkJResXowOy0ZXlcu8I7aiq1dAwwagGB6FHhzMQJc-ZK6e8NciPC6iKB36DnxDHpgheq3CFjbul7p8L2Ip9OyPHixvFOhq7HGiRmRTzl3bNUo-F0hO25HdiiPpN1cCzRY-q4ZD-MOkGvPG5AJViP3qW5kcDxFoChU--ilZ1hcsyEuD26Q6Pg_mvRu4bnGNhmMG_OK08EZuoO0oNaeaIIR6by4kruJwfe2Z8X87LwgHyhHVbYylnowz5ZPy4DHPMrZhkmCl_eU4OxfRnVDXJd_mz63tlGAxpF-tMEbDfrc5bjzZnF_fWCqmfnv8rIg3UO0BsP7nriDyrGwBP5-uJqt6kF7n7fWkugWOa8NF9_vTAo0fmqSb7FXTbJWsFbzQHizsrfIuALO5YI8iVFySSHrem8","e":"AQAB"}) [QZTAux4uMq4]
09:39:41 boulder-sa SQL: SELECT * FROM registrations WHERE jwk_sha256 = ? [1:"DNO3d+4C1xE3lphV0tyKywGmDssCrv6mTKj4EpHleL0="]
09:39:41 boulder-sa [s>][SA.server][WFE->SA.u.d55357] replying GetRegistrationByKey: , RPCERR: &{No registrations with public key sha256 DNO3d+4C1xE3lphV0tyKywGmDssCrv6mTKj4EpHleL0= NoSuchRegistrationError 0} [QZTAux4uMq4]
09:39:41 activity-monitor MONITOR: {"Acknowledger":{},"Headers":null,"ContentType":"","ContentEncoding":"","DeliveryMode":0,"Priority":0,"CorrelationId":"QZTAux4uMq4","ReplyTo":"","Expiration":"30000","MessageId":"","Timestamp":"2015-12-21T09:39:41+01:00","Type":"GetRegistrationByKey","UserId":"","AppId":"","ConsumerTag":"boulder","MessageCount":0,"DeliveryTag":2,"Redelivered":false,"Exchange":"boulder","RoutingKey":"WFE-\u003eSA.u.d55357","Body":"eyJyZXR1cm5WYWwiOm51bGwsImVycm9yIjp7InZhbHVlIjoiTm8gcmVnaXN0cmF0aW9ucyB3aXRoIHB1YmxpYyBrZXkgc2hhMjU2IEROTzNkKzRDMXhFM2xwaFYwdHlLeXdHbURzc0NydjZtVEtqNEVwSGxlTDA9IiwidHlwZSI6Ik5vU3VjaFJlZ2lzdHJhdGlvbkVycm9yIn19"}
09:39:41 boulder-wfe [c<][WFE->SA.u.d55357] response GetRegistrationByKey: , RPCERR: &{No registrations with public key sha256 DNO3d+4C1xE3lphV0tyKywGmDssCrv6mTKj4EpHleL0= NoSuchRegistrationError 0} [QZTAux4uMq4]
09:39:41 boulder-wfe Terminated request JSON={"ID":"ScagzfzWKPOrPpToNnWh9OLE3cf0R8I4PGwQ_szlwUs","ClientAddr":"[::1]:38642","Endpoint":"/acme/new-reg","Method":"POST","RequestTime":"2015-12-21T09:39:41.82590821+01:00","ResponseTime":"2015-12-21T09:39:41.833769435+01:00","Errors":["verification of JWS with the JWK failed: square/go-jose: error in cryptographic primitive; body: {\n \"header\": {\n \"alg\": \"RS256\", \n \"jwk\": {\n \"e\": \"AQAB\", \n \"k","400 :: urn:acme:error:malformed :: JWS verification error"]}
from acme-nosudo.
PS: in order to use Boulder instead of the official letsencrypt server you have to change sign_csr.py by setting CA = "http://localhost:4000"
from acme-nosudo.
I did some tests, and it seems that the n key of jwk is different from the one generated by the official letsencrypt client.
For instance, let's take this private key:
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
The letsencrypt client generates this header:
{
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "q2C-WauK718BJ2nIzw1465dFJwCnwHIbTUCMhHX_2uNbRYGZMNQ10trPvXljQWq1mBMBoRaIjnnqKUoVO6muSCi-6cC2jvLz20zzVmWfbMt1cdfJQeeCMkTwV-Zay1Pp9F7mMhXGWtfhnQ7YLvgEEKowxhrkiXnLgAVh_q8837pjIvSuID_UtCfL6utJkZ2ukeOwLYu7f4wSZm9r0qEmlo7Sn9CyaET523O0oGBfA-CVid8UJ7GvC66wbnVeY_jd7kQzIplHhy-oltSqAG_INSKpf29_9gtGdDPzv9d7BAsrRcQwVT_Vvpbx8DRe6WUfgvwb4RR-hZ6xSH0YrJsPAQ",
}
}
but letsencrypt-nosudo generates this header:
{
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "tpW0eROWQMZsUVpyFirz7YtD7CbVkDEh_XQo66zXJey29lSnosouN_jeJ1xc9pvPvj5Mp28I-w95nvST_6JHVGP00lKE9UItDNPpEUk4B_0rxiOktxhTcdk0LMYOGWD-dylpCaGpTI_3yViD8hpGmYzdXM9XHIftU0xYfgqmVgEZjb3pAkZbEFqw8z_l9FrWXxnjGPviPTz0c3eLQKbFGzOn6JEBhMBhS-B6IhrZCXnHfAVqfmfoGtq5XU_xZqhCBNnUxmra2-RJBBRr2YTNQDm82tGMbdH7lkyOvex1fKhoSt2WCFdStvpyljkX1U8lv44ERJ0_gg1g7G1D0YqaLw",
}
}
from acme-nosudo.
I filed an issue in the official letsencrypt repository, let's see...
from acme-nosudo.
@igniferroque no, signature should not be blank. This usually happens when the signature command didn't run correctly. Did you run the commands after "STEP 3: You need to sign some more files (replace 'user.key' with your user private key)."?
@mlocati a different public key shouldn't cause a blank signature, so your issue might be a different one. Please file another bug if you see a value in the signature field in the json payload.
from acme-nosudo.
@mlocati When I tried using your public key in letsencrypt-nosudo, I got the same jwk as letsencrypt.
{
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "q2C-WauK718BJ2nIzw1465dFJwCnwHIbTUCMhHX_2uNbRYGZMNQ10trPvXljQWq1mBMBoRaIjnnqKUoVO6muSCi-6cC2jvLz20zzVmWfbMt1cdfJQeeCMkTwV-Zay1Pp9F7mMhXGWtfhnQ7YLvgEEKowxhrkiXnLgAVh_q8837pjIvSuID_UtCfL6utJkZ2ukeOwLYu7f4wSZm9r0qEmlo7Sn9CyaET523O0oGBfA-CVid8UJ7GvC66wbnVeY_jd7kQzIplHhy-oltSqAG_INSKpf29_9gtGdDPzv9d7BAsrRcQwVT_Vvpbx8DRe6WUfgvwb4RR-hZ6xSH0YrJsPAQ"
}
}
from acme-nosudo.
I copied all the referenced .json files to the machine where my private key is, ran the commands, then copied all the generated .sig files back to the same directory. I believe that's all that is required.
from acme-nosudo.
I believe if you overwrite a named temporary file with a new file, the named temporary file object in python would have closed (causing the empty file). Can you please try writing the .sig file output directly to the open temporary files, rather than copying and overwriting them?
from acme-nosudo.
I swapped the values of n here. The correct values of my test are the ones reported at certbot/certbot#1984 (letsencrypt-nosudo generates the q2C... and official letsencrypt seems to generate tpW...).
from acme-nosudo.
I was getting the same error; make sure you run the openssl commands when the program asks for them. This fixed the issue for me and everything is running fine.
from acme-nosudo.
@igniferroque assuming you have resolved your issue.
from acme-nosudo.
Sorry, I haven't gotten back to you. I hope to have some time to try this again this weekend. Thanks for your help!
from acme-nosudo.
Overwriting the files with redirection (>) didn't work and I suppose I should have tried to append to them (>>) but I just copied my user.key to the server and did it that way which worked fine.
Thanks!
from acme-nosudo.
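The two checks this thread keeps coming back to (does the JWK match the key, and is the `.sig` file actually a signature), as an added example that is not code from acme-nosudo or from any commenter. It assumes the text layout printed by `openssl rsa -pubin -noout -text`; the function names are hypothetical, the sample key is constructed, and the thumbprint is the RFC 7638 one, not necessarily the `jwk_sha256` value in the Boulder log.

```python
import base64
import hashlib
import json
import re

# Constructed sample in the layout printed by `openssl rsa -pubin -noout -text`
# (a toy 64-bit modulus, for illustration only; not a key from the thread).
SAMPLE_TEXT = """Public-Key: (64 bit)
Modulus:
    00:c3:5a:1f:09:7b:2e:44:d1
Exponent: 65537 (0x10001)
"""

def b64url(data):
    """Base64url without padding, as JWK and JWS fields require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def jwk_from_openssl_text(text):
    """Build the public JWK from openssl's text dump of an RSA public key."""
    match = re.search(r"Modulus:\s*([0-9a-f:\s]+?)\s*Exponent:\s*(\d+)", text, re.I)
    if match is None:
        raise ValueError("no RSA modulus/exponent found")
    n = int(re.sub(r"[^0-9a-fA-F]", "", match.group(1)), 16)
    e = int(match.group(2))
    # int.to_bytes drops the leading 00 and avoids odd-length hex problems.
    def to_bytes(value):
        return value.to_bytes((value.bit_length() + 7) // 8, "big")
    return {"e": b64url(to_bytes(e)), "kty": "RSA", "n": b64url(to_bytes(n))}

def jwk_thumbprint(jwk):
    """RFC 7638 thumbprint: one short value to compare instead of a long n."""
    canonical = json.dumps({k: jwk[k] for k in ("e", "kty", "n")},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())

def signature_problem(sig, jwk):
    """Return a description of what is wrong with an RS256 .sig file, or None."""
    expected = len(b64url_decode(jwk["n"]))
    if len(sig) == 0:
        return "empty signature: the signing command produced no output"
    if len(sig) != expected:
        return "signature is %d bytes, key modulus is %d" % (len(sig), expected)
    return None
```

Running `signature_problem` on each `.sig` file before it is submitted catches the empty-file case locally instead of as a `JWS verification error` from the server.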