400 Bad request when client issues http-01 challenge

Kaiduan Xie

Nov 22, 2015, 3:53:43 PM
to Let's Encrypt Client Development, ca-...@letsencrypt.org
Hi,

I am updating my ACME client to comply with the latest change
(http-01), however the http-01 challenge always returns 400 Bad
request.

1) POST https://acme-staging.api.letsencrypt.org/acme/new-authz
HTTP/1.1 returns,

{"identifier":{"type":"dns","value":"aaaa"}, // I mask the DNS domain name here
"status":"pending",
"expires":"2015-11-29T20:24:58.522532112Z",
"challenges":[{"type":"tls-sni-01",
"status":"pending",

"uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/dr0K3t9roQDPAZScujBsb5CFehLLd-PDe-aLrQ5KSzU/732185",
"token":"--E03XXEaSgMkVaSan6AsLbYeWgtPIjkx34CmHj9Sb0"},
{"type":"http-01",
"status":"pending",

"uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/dr0K3t9roQDPAZScujBsb5CFehLLd-PDe-aLrQ5KSzU/732186",
"token":"SKGBI_NI82yhQpKMDu43iFj2k24uppXQncAasrkE39U"}],
"combinations":[[1],[0]]}

2) Client sends POST to

https://acme-staging.api.letsencrypt.org/acme/challenge/dr0K3t9roQDPAZScujBsb5CFehLLd-PDe-aLrQ5KSzU/732186

{"protected":"eyJub25jZSI6InFxMkpDNENZQWozYURwbTZRVlhlT1FoUnZWLUM2U0p6YVlYQnhHbEdkSm8ifQ","payload":"eyJyZXNvdXJjZSI6ImNoYWxsZW5nZSIsInR5cGUiOiJodHRwLTAxIiwia2V5QXV0aG9yaXphdGlvbiI6IlNLR0JJX05JODJ5aFFwS01EdTQzaUZqMmsyNHVwcFhRbmNBYXNya0UzOVUuNFhnSlktQlhfclJDdHJtVWNnRHpDMm16eTVKdDNQY2d3VS12a0kxZHpZayIsInRva2VuIjoiU0tHQklfTkk4MnloUXBLTUR1NDNpRmoyazI0dXBwWFFuY0Fhc3JrRTM5VSJ9","signature":"CKGTmbo-tDSsIh2vUQDdmjR5FjIOlWGwcyR-qWulgMYaHZyTx_isHG2k-pVY8mbe582U9PDkI8sOlrnioDjRH6tjNMYka3JVA-9LXY_IkRBm31KG0I7PTQjMn-KDoesFNeleRIj1JaA38t-gtifuIUqBpF2HlLRvl97UDdGj9wGA-84xEilmn_ImIsHwigBsdQynidM1cQeqgaetXtdrAJjPjXDgYLNBAvpvHMhAMnG9OMM2_1Ekx-MDKtXM3Q6ZZZks9wH_D3qbk_4304yVkKop-5pr7Fk0sapzv_ydMLcH2QIGNJf99djjuBI3cH6CsSDAw_83kR3IMT22qE8IuA","header":{"alg":"RS256","jwk":{"kty":"RSA","e":"AQAB","n":"pqHMFvieYX_x7KBkB-HvKwzOI_i_ZQx_yr8-aljv_V51JQb1c0RQRyKTdENT4bWWF7_WERB_Hl6-Z12KPF1gTcytSOh1pQzGRSnzvVU6WsEnDtWJQ_jQ-AXdvmLhxjgofisupzf7q8lFXSLjnCCxazsuaGL1SqEv8PyuB16qrYFCwAGPxuQyYc3fCzcfpth9Pgp4Pxn4e3yjkbTqCLmUD3kWjfTjzpF-eZH4WIyrf9rtV56iS3tLzqLE2mTaTbHcNf-WdsiIaVV2ewzENzL-cmI-l6MT7Z0rR7rMq82IA4SVqGKu-SMH0F8q7oA0BjfQTpB468f5eJu0m0rb8IFuKQ"}}}

The JWS payload is

{"resource":"challenge",
"type":"http-01",
"keyAuthorization":"SKGBI_NI82yhQpKMDu43iFj2k24uppXQncAasrkE39U.4XgJY-BX_rRCtrmUcgDzC2mzy5Jt3PcgwU-vkI1dzYk",
"token":"SKGBI_NI82yhQpKMDu43iFj2k24uppXQncAasrkE39U"}

Letsencrypt server returns 400 Bad request,

{"type":"urn:acme:error:malformed","detail":"Unable to update
challenge :: Response does not complete challenge"}

Can someone point out what I did wrong?

Thanks a lot for the help,

/Kaiduan

Kaiduan Xie

Nov 22, 2015, 8:24:32 PM
to Let's Encrypt Client Development, ca-...@letsencrypt.org
I figured out the problem; it is related to key authorization. The
JSON library I used does not follow the lexicographic order when
serializing to string.

Best regards,

/Kaiduan
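
The ordering issue named in the reply above, as an added example that is not part of the original thread: the key authorization is the token, a dot, and the base64url SHA-256 thumbprint of the account JWK, where the thumbprint input (RFC 7638) holds only the required members, in lexicographic order, with no whitespace. The token is the one from the new-authz response; the key value, `naive_thumbprint` and the other function names are constructed for illustration.

```python
import base64
import hashlib
import json

# Members required in the thumbprint input, per key type (RFC 7638, section 3.2).
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint: required members only, sorted keys, no whitespace."""
    try:
        members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    except KeyError as exc:
        raise ValueError(f"unsupported or incomplete JWK: missing {exc}") from None
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def naive_thumbprint(jwk: dict) -> str:
    """Hypothetical buggy variant: hashes the JWK exactly as the JSON
    library emits it (insertion order, default separators)."""
    return b64url(hashlib.sha256(json.dumps(jwk).encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token || '.' || base64url(thumbprint of the account key)."""
    return f"{token}.{jwk_thumbprint(jwk)}"


# Token from the new-authz response above; the key is a constructed sample.
TOKEN = "SKGBI_NI82yhQpKMDu43iFj2k24uppXQncAasrkE39U"
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-sample-modulus"}

if __name__ == "__main__":
    print("canonical:", key_authorization(TOKEN, ACCOUNT_JWK))
    print("naive    :", f"{TOKEN}.{naive_thumbprint(ACCOUNT_JWK)}")
```

The two printed values differ only after the dot, which is why the server can parse the request yet still answer "Response does not complete challenge".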