Parse error reading JWS on revoking certificate #558

Closed
webservicebe opened this issue May 3, 2020 · 2 comments · Fixed by #565

webservicebe commented May 3, 2020

Upon revoking a certificate I get a 400 error.
Creating certificates or renewing isn't a problem.
OS: linux Slackware-14.2
Common config:
CA="https://acme-v02.api.letsencrypt.org"
ACCOUNT_EMAIL="[snip my email]"
ACCOUNT_KEY_LENGTH=4096
ACCOUNT_KEY="/root/.getssl/account.key"
PRIVATE_KEY_ALG="rsa"
RENEW_ALLOW="30"
SERVER_TYPE="https"
CHECK_REMOTE="true"

Domain-config
SANS="www.[snip domainname]"
ACL="/host/_letsencrypt"
USE_SINGLE_ACL="true"
DOMAIN_CERT_LOCATION="/usr/local/nginx/conf/letsencrypt/[snip domainname].crt"
DOMAIN_KEY_LOCATION="/usr/local/nginx/conf/letsencrypt/[snip domainname].key"
CA_CERT_LOCATION="/usr/local/nginx/conf/letsencrypt/chain.crt"
DOMAIN_CHAIN_LOCATION="/usr/local/nginx/conf/letsencrypt/[snip domainname].bundle"

Output upon revoking:

./getssl -d -r /usr/local/nginx/conf/letsencrypt/[snip mydomain].crt /usr/local/nginx/conf/letsencrypt/[snip mydomain].key

detected os type = linux

Running
Welcome to \s \r (\l)

checking for required which ... /usr/bin/which

checking for required openssl ... /usr/bin/openssl

checking for required curl ... /usr/bin/curl

checking for dig ... /usr/bin/dig

function dig found at /usr/bin/dig - setting DNS_CHECK_FUNC to dig

checking for required dirname ... /usr/bin/dirname

checking for required awk ... /usr/bin/awk

checking for required tr ... /usr/bin/tr

checking for required date ... /usr/bin/date

checking for required grep ... /usr/bin/grep

checking for required sed ... /usr/bin/sed

checking for required sort ... /usr/bin/sort

checking for required mktemp ... /usr/bin/mktemp

current code is version 2.26

Most recent version is 2.26

revoking cert /usr/local/nginx/conf/letsencrypt/[snip mydomain].crt

using key /usr/local/nginx/conf/letsencrypt/[snip mydomain].key

jwk alg = RS256

revoking from https://acme-v02.api.letsencrypt.org

url https://acme-v02.api.letsencrypt.org/acme/revoke-cert

payload = {"resource": "revoke-cert", "certificate": "MII..[snip]...JI"}

responseHeaders HTTP/1.1 100 Continue

HTTP/1.1 400 Bad Request
Server: nginx
Date: Sun, 03 May 2020 12:53:39 GMT
Content-Type: application/problem+json
Content-Length: 108
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0102rtFD1TsFKMYKvEQwO0Q18qyn2_drOPaFrggH9vJ2m-o

response {
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Parse error reading JWS",
"status": 400
}

code 400
getssl: ACME server returned error: 400: "detail": "Parse error reading JWS",

@timkimber timkimber self-assigned this May 5, 2020
@timkimber timkimber added the bug label May 5, 2020
@timkimber
Member

Hi @webservicebe

Thanks for reporting this problem - I've not looked at the revoke code for a while and there aren't (yet) any tests. I'll take a look and fix it.

@timkimber timkimber mentioned this issue May 24, 2020
timkimber added a commit that referenced this issue May 24, 2020
Fixes --revoke (#558)
Adds --notify-valid (#559)
@timkimber timkimber linked a pull request May 24, 2020 that will close this issue
@timkimber
Member

Fixed in release 2.28
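
For anyone debugging the same `urn:ietf:params:acme:error:malformed` / "Parse error reading JWS" response: RFC 8555 requires the request body to be a flattened JWS whose `protected`, `payload` and `signature` members are unpadded base64url, with `alg`, `nonce`, `url` and exactly one of `jwk` or `kid` in the protected header, and a revocation payload carrying `certificate` as base64url DER. The checker below is an added example, not getssl's code and not a statement of what this bug's cause was; it tests structure only (no signature verification), and every sample value in it is constructed.

```python
import base64
import json
import re

def b64url_decode(value):
    """Decode base64url without padding, the only encoding RFC 8555 accepts."""
    if not isinstance(value, str) or not re.fullmatch(r"[A-Za-z0-9_-]*", value):
        raise ValueError("not unpadded base64url")
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_revoke_jws(body, request_url):
    """Return a list of structural problems; an empty list means well-formed."""
    try:
        jws = json.loads(body)
        parts = {k: b64url_decode(jws[k]) for k in ("protected", "payload", "signature")}
        header, payload = json.loads(parts["protected"]), json.loads(parts["payload"])
    except (KeyError, TypeError, ValueError) as exc:
        return [f"not a flattened JWS with base64url JSON members: {exc!r}"]
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return ["protected header and payload must both be JSON objects"]
    problems = [f"protected header lacks '{f}'" for f in ("alg", "nonce", "url") if f not in header]
    if ("jwk" in header) == ("kid" in header):
        problems.append("protected header needs exactly one of 'jwk' or 'kid'")
    if header.get("url", request_url) != request_url:
        problems.append("protected 'url' differs from the URL being POSTed to")
    try:
        b64url_decode(payload["certificate"])
    except (KeyError, ValueError):
        problems.append("payload 'certificate' must be base64url of the DER certificate")
    return problems

# Constructed sample values (not from the issue): fake key, nonce, DER bytes, signature.
URL = "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
DER = bytes([0x30, 0x82, 0x01, 0x0A, 0xFB, 0xFF])  # standard base64 of this contains '/'
HEADER = {"alg": "RS256", "nonce": "constructed-nonce", "url": URL,
          "jwk": {"kty": "RSA", "n": "AQAB", "e": "AQAB"}}

def build(header, payload):
    enc = lambda obj: b64url_encode(json.dumps(obj).encode())
    return json.dumps({"protected": enc(header), "payload": enc(payload),
                       "signature": b64url_encode(b"constructed-signature")})

GOOD = build(HEADER, {"certificate": b64url_encode(DER)})
BAD = build({"alg": "RS256", "nonce": "constructed-nonce"},
            {"certificate": base64.b64encode(DER).decode()})

if __name__ == "__main__":
    for name, body in (("good", GOOD), ("bad", BAD)):
        print(name, check_revoke_jws(body, URL))
```
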
