acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

The "unauthorized" error sends HTTP code 401 and not 403 (according to RFC8555) #5138

Open frantique opened 2 months ago

frantique commented 2 months ago

The script incorrectly waits for HTTP status code 403 instead of 401. (See: https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.6)

The error is found in line 3412:

    elif [ "$code" = "403" ]; then

Line 3350 is also affected:

    if [ "$code" = '403' ]; then

Steps to reproduce

  1. Create an account with: ./acme.sh --register-account
  2. Deactivate account with: ./acme.sh --deactivate-account
  3. Try again: ./acme.sh --deactivate-account

Debug log

[2024. máj. 7., kedd, 12:48:56 CEST] responseHeaders='HTTP/2 401
server: nginx
date: Tue, 07 May 2024 10:48:56 GMT
content-type: application/problem+json
content-length: 107
replay-nonce: MZHGHKkrOy8hZA9f-l7_Psc170NHf5fSUp91V8pqln4
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: https://acme.zerossl.com/v2/DV90;rel="index"
strict-transport-security: max-age=15724800; includeSubDomains
'
[2024. máj. 7., kedd, 12:48:56 CEST] code='401'
[2024. máj. 7., kedd, 12:48:56 CEST] original='{"type":"urn:ietf:params:acme:error:unauthorized","status":401,"detail":"The account has been deactivated"}'
[2024. máj. 7., kedd, 12:48:56 CEST] response='{"type":"urn:ietf:params:acme:error:unauthorized","status":401,"detail":"The account has been deactivated"}'
[2024. máj. 7., kedd, 12:48:56 CEST] Deactivate: account failed for https://acme.zerossl.com/v2/DV90/account/I-TLAs0ysThbJLAO5-yGdw.
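The mismatch reported above, as an added sketch that is not acme.sh's own code: the check keys on the problem document's `type` and accepts both the 401 from RFC 8555 section 7.3.6 and the 403 the script currently compares against. The function names are hypothetical, the JSON is matched with plain text tools as a simplifying assumption, and the sample response is abridged from the debug log.

```shell
#!/bin/sh
# Added example; names below are hypothetical, not taken from acme.sh.
ACME_ERR_UNAUTHORIZED="urn:ietf:params:acme:error:unauthorized"

# Status code of the last status line in a raw header block, so that an
# interim response ahead of the final one does not mask the real code.
acme_status_code() {
  printf '%s\n' "$1" | grep '^HTTP/' | tail -n 1 | cut -d ' ' -f 2 | tr -d '\r'
}

# First "type" member of an application/problem+json body.
# Assumption: text matching is enough here (no escaped quotes in the value).
acme_problem_type() {
  printf '%s\n' "$1" |
    grep -o '"type"[[:space:]]*:[[:space:]]*"[^"]*"' |
    head -n 1 | cut -d '"' -f 4
}

# Classify the response to an account request:
#   ok            request accepted (200)
#   unauthorized  server rejects the account key; 401 or 403 both count,
#                 but only when the problem type says "unauthorized"
#   error         anything else
acme_account_outcome() {
  _code="$(acme_status_code "$1")"
  _type="$(acme_problem_type "$2")"
  case "$_code" in
    200) echo ok ;;
    401 | 403)
      if [ "$_type" = "$ACME_ERR_UNAUTHORIZED" ]; then
        echo unauthorized
      else
        echo error
      fi
      ;;
    *) echo error ;;
  esac
}

# Sample input, abridged from the debug log in this report.
SAMPLE_HEADERS='HTTP/2 401
content-type: application/problem+json'
SAMPLE_BODY='{"type":"urn:ietf:params:acme:error:unauthorized","status":401,"detail":"The account has been deactivated"}'

echo "outcome: $(acme_account_outcome "$SAMPLE_HEADERS" "$SAMPLE_BODY")"
```
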

github-actions[bot] commented 2 months ago

Please upgrade to the latest code and try again first. Maybe it's already fixed.

    acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.