diafygi / acme-tiny

A tiny script to issue and renew TLS certs from Let's Encrypt
MIT License

Error getting challenges: urn:ietf:params:acme:error:malformed #236

Closed (stam closed 4 years ago)

stam commented 4 years ago

I'm running the command:

acme_tiny \
    --account-key /var/lib/https-portal/account.key \
    --csr /var/lib/https-portal/redacted.domain/staging/domain.csr \
    --acme-dir /var/www/default/challenges/ \
    --disable-check \
    --directory-url https://acme-staging-v02.api.letsencrypt.org/directory > /var/lib/https-portal/redacted.domain/staging/signed.ongoing.crt

Which gives the following output:

Parsing account key...
Parsing CSR...
Found domains: redacted.domain
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Traceback (most recent call last):
  File "/bin/acme_tiny", line 198, in <module>
    main(sys.argv[1:])
  File "/bin/acme_tiny", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/bin/acme_tiny", line 126, in get_crt
    authorization, _, _ = _do_request(auth_url, err_msg="Error getting challenges")
  File "/bin/acme_tiny", line 46, in _do_request
    raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error getting challenges:
Url: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/26155455
Data: None
Response Code: 405
Response: {u'status': 405, u'type': u'urn:ietf:params:acme:error:malformed', u'detail': u'Method not allowed'}

I'm not sure how to debug this.

stam commented 4 years ago

I'm seeing similar errors in this thread: https://community.letsencrypt.org/t/problem-with-renew-certificates-the-request-message-was-malformed-method-not-allowed/107889

Which points to this thread as the underlying issue: https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380

diafygi commented 4 years ago

@stam it looks like you're using an old version of acme-tiny. This issue was fixed in https://github.com/diafygi/acme-tiny/commit/1b6c6bc0e67aa28fac259c3077883594d3c871d5 and released in 4.1.0.
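Added example, not part of the original thread and not acme-tiny's own code: the request in the traceback carried no data and was refused with 405, and the linked thread concerns the deprecation of unauthenticated GETs. RFC 8555 section 6.3 replaces such reads with POST-as-GET, a signed POST whose JWS payload is the empty string, which this sketch builds. The URLs, nonce, function names and RSA key are constructed for illustration.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

# Constructed demo key: both primes are public Mersenne primes, so it is
# trivially factorable and exists only to let the example run offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode_em(msg: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding with SHA-256 (the block RS256 signs)."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def rs256_sign(msg: bytes) -> bytes:
    """Textbook RSA signature over the encoded message, demo key only."""
    em = int.from_bytes(encode_em(msg), "big")
    return pow(em, D, N).to_bytes(K, "big")

def acme_body(url, nonce, kid, payload=None):
    """Build the flattened JWS for an ACME POST; payload=None is POST-as-GET."""
    header = {"alg": "RS256", "kid": kid, "nonce": nonce, "url": url}
    protected = b64url(json.dumps(header).encode())
    # POST-as-GET: the payload is the empty string, not base64url("{}").
    payload64 = "" if payload is None else b64url(json.dumps(payload).encode())
    sig = rs256_sign("{0}.{1}".format(protected, payload64).encode())
    return {"protected": protected, "payload": payload64,
            "signature": b64url(sig)}

if __name__ == "__main__":
    # Placeholder values; a real client takes the URL, nonce and account
    # URL (kid) from the CA's responses.
    body = acme_body("https://ca.example/acme/authz/1", "constructed-nonce",
                     "https://ca.example/acme/acct/1")
    print(json.dumps(body, indent=2))
```

The resulting JSON is what a client would send with `Content-Type: application/jose+json`; the signature covers the URL and nonce, which is what makes the read authenticated.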

stam commented 4 years ago

Thank you