-
Notifications
You must be signed in to change notification settings - Fork 371
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Parse error reading JWS on revoking certificate #558
Labels
Comments
Thanks for reporting this problem - I've not looked at the revoke code for a while and there aren't (yet) any tests. I'll take a look and fix it. |
Fixed in release 2.28 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Upon revoking a certifcate I get an 400 error.
Creating certficates or renewing isn't a problem.
OS: linux Slackware-14.2
Common config:
CA="https://acme-v02.api.letsencrypt.org"
ACCOUNT_EMAIL="[snip my email]"
ACCOUNT_KEY_LENGTH=4096
ACCOUNT_KEY="/root/.getssl/account.key"
PRIVATE_KEY_ALG="rsa"
RENEW_ALLOW="30"
SERVER_TYPE="https"
CHECK_REMOTE="true"
Domain-config
SANS="www.[snip domainname]"
ACL="/host/_letsencrypt"
USE_SINGLE_ACL="true"
DOMAIN_CERT_LOCATION="/usr/local/nginx/conf/letsencrypt/[snip domainname].crt"
DOMAIN_KEY_LOCATION="/usr/local/nginx/conf/letsencrypt/[snip domainname].key"
CA_CERT_LOCATION="/usr/local/nginx/conf/letsencrypt/chain.crt"
DOMAIN_CHAIN_LOCATION="/usr/local/nginx/conf/letsencrypt/[snip domainname].bundle"
Output upon revoking:
./getssl -d -r /usr/local/nginx/conf/letsencrypt/[snip mydomain].crt /usr/local/nginx/conf/letsencrypt/[snip mydomain].key
detected os type = linux
Running
Welcome to \s \r (\l)
checking for required which ... /usr/bin/which
checking for required openssl ... /usr/bin/openssl
checking for required curl ... /usr/bin/curl
checking for dig ... /usr/bin/dig
function dig found at /usr/bin/dig - setting DNS_CHECK_FUNC to dig
checking for required dirname ... /usr/bin/dirname
checking for required awk ... /usr/bin/awk
checking for required tr ... /usr/bin/tr
checking for required date ... /usr/bin/date
checking for required grep ... /usr/bin/grep
checking for required sed ... /usr/bin/sed
checking for required sort ... /usr/bin/sort
checking for required mktemp ... /usr/bin/mktemp
current code is version 2.26
Most recent version is 2.26
revoking cert /usr/local/nginx/conf/letsencrypt/[snip mydomain].crt
using key /usr/local/nginx/conf/letsencrypt/[snip mydomain].key
jwk alg = RS256
revoking from https://acme-v02.api.letsencrypt.org
url https://acme-v02.api.letsencrypt.org/acme/revoke-cert
payload = {"resource": "revoke-cert", "certificate": "MII..[snip]...JI"}
responseHeaders HTTP/1.1 100 Continue
HTTP/1.1 400 Bad Request
Server: nginx
Date: Sun, 03 May 2020 12:53:39 GMT
Content-Type: application/problem+json
Content-Length: 108
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0102rtFD1TsFKMYKvEQwO0Q18qyn2_drOPaFrggH9vJ2m-o
response {
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Parse error reading JWS",
"status": 400
}
code 400
getssl: ACME server returned error: 400: "detail": "Parse error reading JWS",
The text was updated successfully, but these errors were encountered: