EC Account Keys - ec-256 works ec-384 fails.

[dschaper]

acme.sh version v2.7.3

Create account-key withacme.sh --create-account-key -ak ec-256 && acme.sh --register-account passes with no issues.

Create account-key with acme.sh --create-account-key -ak ec-384 && acme.sh --register-account fails with the below debug output. Issue is repeatable.

root@ubuntu-512mb-sfo1-01:~/acmehome# acme.sh --register-account --debug 2
[Tue Aug 29 03:00:44 UTC 2017] Lets find script dir.
[Tue Aug 29 03:00:44 UTC 2017] _SCRIPT_='/root/acmehome/acme.sh'
[Tue Aug 29 03:00:45 UTC 2017] _script='/root/acmehome/acme.sh'
[Tue Aug 29 03:00:45 UTC 2017] _script_home='/root/acmehome'
[Tue Aug 29 03:00:45 UTC 2017] Using config home:/root/acmehome/data
[Tue Aug 29 03:00:45 UTC 2017] LE_WORKING_DIR='/root/acmehome'
https://github.com/Neilpang/acme.sh
v2.7.3
[Tue Aug 29 03:00:45 UTC 2017] Using config home:/root/acmehome/data
[Tue Aug 29 03:00:45 UTC 2017] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Tue Aug 29 03:00:45 UTC 2017] Using config home:/root/acmehome/data
[Tue Aug 29 03:00:45 UTC 2017] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Tue Aug 29 03:00:45 UTC 2017] EC key
[Tue Aug 29 03:00:45 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug 29 03:00:45 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Aug 29 03:00:45 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug 29 03:00:45 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Aug 29 03:00:45 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug 29 03:00:45 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug 29 03:00:45 UTC 2017] AGREEMENT
[Tue Aug 29 03:00:45 UTC 2017] Registering account
[Tue Aug 29 03:00:45 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug 29 03:00:45 UTC 2017] payload='{"resource": "new-reg", "contact": ["mailto: <<redacted>>"], "agreement": ""}'
[Tue Aug 29 03:00:45 UTC 2017] Use cached jwk for file: /root/acmehome/ecc.key
[Tue Aug 29 03:00:45 UTC 2017] Get nonce. ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Tue Aug 29 03:00:45 UTC 2017] GET
[Tue Aug 29 03:00:45 UTC 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Aug 29 03:00:45 UTC 2017] timeout
[Tue Aug 29 03:00:45 UTC 2017] _CURL='curl -L --silent --dump-header /root/acmehome/data/http.header  --trace-ascii /tmp/tmp.B8eaYNpR6I '
[Tue Aug 29 03:00:45 UTC 2017] ret='0'
[Tue Aug 29 03:00:45 UTC 2017] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 561
Boulder-Request-Id: XVrJB9M5g06xqOytZ7avimvrcVbGgBBXrEPKUIt9tGQ
Replay-Nonce: HabCeB-YHyPVhrLCzdm-Co_8_mu9kyj4qYmBnAH8TCk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 29 Aug 2017 03:00:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 29 Aug 2017 03:00:45 GMT
Connection: keep-alive
'
[Tue Aug 29 03:00:45 UTC 2017] _CACHED_NONCE='HabCeB-YHyPVhrLCzdm-Co_8_mu9kyj4qYmBnAH8TCk'
[Tue Aug 29 03:00:45 UTC 2017] nonce='HabCeB-YHyPVhrLCzdm-Co_8_mu9kyj4qYmBnAH8TCk'
[Tue Aug 29 03:00:45 UTC 2017] POST
[Tue Aug 29 03:00:45 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug 29 03:00:45 UTC 2017] body='{"header": {"alg": "ES256", "jwk": {"crv": "P-384", "kty": "EC", "x": "y6QNyXOL30zhh6xiWF4GVIMtZKjFX3Kf9x9y-qLVuTaOITrz9b4jqSpzgwlqwLWF", "y": "0L31qU1LiUBPUIgaU_0nvf6bWTcy-k0fHROSX8Q1UXHtYU2AGNGO3Sl319rxD7ia"}}, "protected": "eyJub25jZSI6ICJIYWJDZUItWUh5UFZockxDemRtLUNvXzhfbXU5a3lqNHFZbUJuQUg4VENrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctcmVnIiwgImFsZyI6ICJFUzI1NiIsICJqd2siOiB7ImNydiI6ICJQLTM4NCIsICJrdHkiOiAiRUMiLCAieCI6ICJ5NlFOeVhPTDMwemhoNnhpV0Y0R1ZJTXRaS2pGWDNLZjl4OXktcUxWdVRhT0lUcno5YjRqcVNwemd3bHF3TFdGIiwgInkiOiAiMEwzMXFVMUxpVUJQVUlnYVVfMG52ZjZiV1RjeS1rMGZIUk9TWDhRMVVYSHRZVTJBR05HTzNTbDMxOXJ4RDdpYSJ9fQ", "payload": "eyJyZXNvdXJjZSI6ICJuZXctcmVnIiwgImNvbnRhY3QiOiBbIm1haWx0bzogc2VydmVyc0BwaS1ob2xlLm5ldCJdLCAiYWdyZWVtZW50IjogIiJ9", "signature": "Gy6xYmz0fXCUnxd7oCs5d5cSAzI3cTvAS0CvUo2jAWkqlNMqSvaEyrnuKQomlUIEl8wtYOAmul3I2yJHjK3Z2K3bcoE4FwqpqUNerLXUTHEBOM41RX-fYiyCTyN6lVJI"}'
[Tue Aug 29 03:00:45 UTC 2017] _CURL='curl -L --silent --dump-header /root/acmehome/data/http.header  --trace-ascii /tmp/tmp.jMs9VnFdvw '
[Tue Aug 29 03:00:45 UTC 2017] _ret='0'
[Tue Aug 29 03:00:45 UTC 2017] original='{
  "type": "urn:acme:error:malformed",
  "detail": "signature type 'ES256' in JWS header is not supported, expected one of RS256, ES256, ES384 or ES512",
  "status": 400
}'
[Tue Aug 29 03:00:45 UTC 2017] responseHeaders='HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 172
Boulder-Request-Id: eNodDvxThbRTzyksKi2hpnsTdiDTAC_Ixuz95o-HhXc
Replay-Nonce: tMMYousAoMoR0tQ5ttOnOc8g-WzOS-QcOy4qrzyZaB0
Expires: Tue, 29 Aug 2017 03:00:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 29 Aug 2017 03:00:45 GMT
Connection: close
'
[Tue Aug 29 03:00:45 UTC 2017] response='{"type":"urn:acme:error:malformed","detail":"signature type 'ES256' in JWS header is not supported, expected one of RS256, ES256, ES384 or ES512","status": 400}'
[Tue Aug 29 03:00:45 UTC 2017] code='400'
[Tue Aug 29 03:00:45 UTC 2017] Register account Error: {"type":"urn:acme:error:malformed","detail":"signature type 'ES256' in JWS header is not supported, expected one of RS256, ES256, ES384 or ES512","status": 400}

[Neilpang]

confirmed. this is a bug for the ec-384 account key.

I will fix it soon.

thanks

[dschaper]

Thanks for the great tool, donation incoming after payday!

[Neilpang]

it should be fixed now. please try the latest code.