search

gheift / ght-acme.sh

a linux shell script to sign certifactes by the letsencrypt CA
GNU General Public License v2.0
84 stars 32 forks source link

BUG# letsencrypt.sh register #23

Open cs-network opened 8 years ago

cs-network commented 8 years ago

Issue while registering account ike documented. Output:

register account
unhandled response while registering account

HTTP/1.1 100 Continue
Expires: Thu, 02 Jun 2016 14:36:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 98
Replay-Nonce: 7FWDn2F7tB393-7umusDLD0VObciMtO6FjUUL2Rk8zE
Expires: Thu, 02 Jun 2016 14:36:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 02 Jun 2016 14:36:12 GMT
Connection: close

{
  "type": "urn:acme:error:malformed",
  "detail": "Invalid JWK in JWS header",
  "status": 400
}

I run thoose commands:

umask 0177
openssl genrsa -out account.key 4096
umask 0022

./letsencrypt.sh register -a account.key -e webmaster@example.org

Any Ideas what could I change?

Thanks for your work an regards Christian

gheift commented 8 years ago

I cannot reproduce your error. Can you run sh -x ./letsencrypt.sh register -a account.key -e webmaster@example.org and post the output?

rcloran commented 8 years ago

I'm seeing the same on OS X. Here's sh -x output:

+ trap 'rm -f "$RESP_HEADER" "$RESP_BODY" "$LAST_NONCE" "$LAST_NONCE_FETCH" "$OPENSSL_CONFIG" "$OPENSSL_IN" "$OPENSSL_OUT" "$OPENSSL_ERR" "$TMP_SERVER_CSR"' 0 2 3 9 11 13 15
++ mktemp -t le.44270.resp-header.XXXXXX
+ RESP_HEADER=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR
++ mktemp -t le.44270.resp-body.XXXXXX
+ RESP_BODY=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-body.XXXXXX.YUXxsCue
++ mktemp -t le.44270.nonce.XXXXXX
+ LAST_NONCE=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce.XXXXXX.MW9ii4hx
++ mktemp -t le.44270.nonce-fetch.XXXXXX
+ LAST_NONCE_FETCH=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce-fetch.XXXXXX.dSwqK0A1
++ mktemp -t le.44270.openssl.cnf.XXXXXX
+ OPENSSL_CONFIG=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.cnf.XXXXXX.gGdwIX3s
++ mktemp -t le.44270.openssl.in.XXXXXX
+ OPENSSL_IN=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.in.XXXXXX.rUx3RjHe
++ mktemp -t le.44270.openssl.out.XXXXXX
+ OPENSSL_OUT=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.out.XXXXXX.KQ5DUzyW
++ mktemp -t le.44270.openssl.err.XXXXXX
+ OPENSSL_ERR=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.err.XXXXXX.5JeU6zi3
++ mktemp -t le.44270.server.csr.XXXXXX
+ TMP_SERVER_CSR=/var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.server.csr.XXXXXX.mfNQoEzz
+ CA=https://acme-staging.api.letsencrypt.org
+ CA=https://acme-v01.api.letsencrypt.org
+ PROTECTED=
+ PAYLOAD=
+ SIGNATURE=
+ ACCOUNT_KEY=
+ ACCOUNT_JWK=
+ REQ_JWKS=
+ ACCOUNT_THUMB=
+ SERVER_KEY=
+ SERVER_CSR=
+ SERVER_CERT=
+ ACCOUNT_EMAIL=
+ DOMAINS=
+ DOMAIN_DATA=
+ WEBDIR=
+ PUSH_TOKEN=
+ QUIET=
+ '[' 5 -gt 0 ']'
+ ACTION=register
+ shift
+ SHOW_THUMBPRINT=0
+ case "$ACTION" in
+ getopts :hqa:e:p name
+ case "$name" in
+ ACCOUNT_KEY=account.key
+ getopts :hqa:e:p name
+ case "$name" in
+ ACCOUNT_EMAIL=webmaster@example.org
+ getopts :hqa:e:p name
+ shift 4
+ case "$ACTION" in
+ load_account_key
+ '[' -n account.key ']'
+ '[' -r account.key ']'
+ openssl rsa -in account.key -noout
+ handle_openssl_exit 0 'opening account key'
+ OPENSSL_EXIT=0
+ OPENSSL_ACTION='opening account key'
+ '[' 0 '!=' 0 ']'
++ key_get_exponent account.key
++ openssl pkey -inform perm -in account.key -noout -text_pub
++ handle_openssl_exit 0 'extracting account key exponent'
++ OPENSSL_EXIT=0
++ OPENSSL_ACTION='extracting account key exponent'
++ '[' 0 '!=' 0 ']'
++ sed -e '/Exponent: / ! d; s/Exponent: [0-9]*\s\+(\(\(0\)x\([0-9]\)\|0x\)\(\([0-9][0-9]\)*\))/\2\3\4/'
++ xxd -r -p
++ base64url
++ openssl base64
++ tr +/ -_
++ tr -d '\r\n='
++ key_get_modulus account.key
++ openssl rsa -in account.key -modulus -noout
++ handle_openssl_exit 0 'extracting account key modulus'
++ OPENSSL_EXIT=0
++ OPENSSL_ACTION='extracting account key modulus'
++ '[' 0 '!=' 0 ']'
++ sed -e 's/^Modulus=//'
++ xxd -r -p
++ base64url
++ openssl base64
++ tr +/ -_
++ tr -d '\r\n='
+ ACCOUNT_JWK='{"e":"","kty":"RSA","n":"wxKdTGijXqfPQIdLCQzjgEf9W3e0St2cdpufQBJdtsXE9xKu6O-KgFeqnOZbCRYE9g8bBgIBNP8qt7kL8zBEfZMiN8D8lyRoqpnq3d8ajDghgm9HMreVVuz-9QHzQ2P_g4qPJVKrhE5FYNZ31do9mOfQFm8ef5LSbf4629jL8mgpPSi6K0OFTZ-P_znMw7YVSx7Gzj2ScL4Y8TpHm5JIBwZWIX4Z4AL4DgE0i0I2nKGBzaX7pwKw7QZoeu4tFZHAFijyV41xQ9TS0ZtzNWuDEzbj46dcLsTf-D_2PXmUDuD8XfibMY4oqhIPxJBUC-OsK0eB5YdAll9o3g7Re1ONXplpDbye3xnnaM0rbROPafFYkcPUYdsbBxjACd4q1Mq1OhI44JtRTLR07_QjHTnuN7dccZsni5vtnqSVT2exB_D0Sb-N5HT0wf1jTwm0W6WUNXlwN2Sno-LK1qUyjhnP3Fc9EfOyK4-hZkl4vNJ7Y9XIyuUsgszrXAJyfjjbUovQAZkocJevPZoIphaGNvkg0xhiY4_n_EUUpbqwpJp9QtH5cm-0ekXUOxfsCYbHg_Htx7_xI6RvRug26UAo6ogNeSxsDL-VnsL-lcXdXeoNIbSyd_vNmXmAz5wwm88RueqQ2pICJIqk81B7wz1RtcfSYEmPvtponYuTjsbBiBt9RR8"}'
+ REQ_JWKS='{"alg":"RS256","jwk":{"e":"","kty":"RSA","n":"wxKdTGijXqfPQIdLCQzjgEf9W3e0St2cdpufQBJdtsXE9xKu6O-KgFeqnOZbCRYE9g8bBgIBNP8qt7kL8zBEfZMiN8D8lyRoqpnq3d8ajDghgm9HMreVVuz-9QHzQ2P_g4qPJVKrhE5FYNZ31do9mOfQFm8ef5LSbf4629jL8mgpPSi6K0OFTZ-P_znMw7YVSx7Gzj2ScL4Y8TpHm5JIBwZWIX4Z4AL4DgE0i0I2nKGBzaX7pwKw7QZoeu4tFZHAFijyV41xQ9TS0ZtzNWuDEzbj46dcLsTf-D_2PXmUDuD8XfibMY4oqhIPxJBUC-OsK0eB5YdAll9o3g7Re1ONXplpDbye3xnnaM0rbROPafFYkcPUYdsbBxjACd4q1Mq1OhI44JtRTLR07_QjHTnuN7dccZsni5vtnqSVT2exB_D0Sb-N5HT0wf1jTwm0W6WUNXlwN2Sno-LK1qUyjhnP3Fc9EfOyK4-hZkl4vNJ7Y9XIyuUsgszrXAJyfjjbUovQAZkocJevPZoIphaGNvkg0xhiY4_n_EUUpbqwpJp9QtH5cm-0ekXUOxfsCYbHg_Htx7_xI6RvRug26UAo6ogNeSxsDL-VnsL-lcXdXeoNIbSyd_vNmXmAz5wwm88RueqQ2pICJIqk81B7wz1RtcfSYEmPvtponYuTjsbBiBt9RR8"}}'
++ echo '{"e":"","kty":"RSA","n":"wxKdTGijXqfPQIdLCQzjgEf9W3e0St2cdpufQBJdtsXE9xKu6O-KgFeqnOZbCRYE9g8bBgIBNP8qt7kL8zBEfZMiN8D8lyRoqpnq3d8ajDghgm9HMreVVuz-9QHzQ2P_g4qPJVKrhE5FYNZ31do9mOfQFm8ef5LSbf4629jL8mgpPSi6K0OFTZ-P_znMw7YVSx7Gzj2ScL4Y8TpHm5JIBwZWIX4Z4AL4DgE0i0I2nKGBzaX7pwKw7QZoeu4tFZHAFijyV41xQ9TS0ZtzNWuDEzbj46dcLsTf-D_2PXmUDuD8XfibMY4oqhIPxJBUC-OsK0eB5YdAll9o3g7Re1ONXplpDbye3xnnaM0rbROPafFYkcPUYdsbBxjACd4q1Mq1OhI44JtRTLR07_QjHTnuN7dccZsni5vtnqSVT2exB_D0Sb-N5HT0wf1jTwm0W6WUNXlwN2Sno-LK1qUyjhnP3Fc9EfOyK4-hZkl4vNJ7Y9XIyuUsgszrXAJyfjjbUovQAZkocJevPZoIphaGNvkg0xhiY4_n_EUUpbqwpJp9QtH5cm-0ekXUOxfsCYbHg_Htx7_xI6RvRug26UAo6ogNeSxsDL-VnsL-lcXdXeoNIbSyd_vNmXmAz5wwm88RueqQ2pICJIqk81B7wz1RtcfSYEmPvtponYuTjsbBiBt9RR8"}'
++ tr -d '\r\n'
++ openssl dgst -sha256 -binary
++ base64url
++ openssl base64
++ tr +/ -_
++ tr -d '\r\n='
+ ACCOUNT_THUMB=n90NpYuKZpl5aG9g7vdCLcSSNxz67UWbzLLEk_tkKVA
+ '[' -z webmaster@example.org ']'
+ register_account_key
+ log 'register account'
+ '[' -z '' ']'
+ echo 'register account'
register account
+ NEW_REG='{"resource":"new-reg","contact":["mailto:webmaster@example.org"],"agreement":"https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}'
+ send_req https://acme-v01.api.letsencrypt.org/acme/new-reg '{"resource":"new-reg","contact":["mailto:webmaster@example.org"],"agreement":"https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}'
+ URI=https://acme-v01.api.letsencrypt.org/acme/new-reg
+ gen_protected
++ cat /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce.XXXXXX.MW9ii4hx
+ NONCE=
+ '[' -z '' ']'
+ curl -D /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce-fetch.XXXXXX.dSwqK0A1 -o /dev/null -s https://acme-v01.api.letsencrypt.org/directory
+ handle_curl_exit 0 https://acme-v01.api.letsencrypt.org/directory
+ CURL_EXIT=0
+ CURL_URI=https://acme-v01.api.letsencrypt.org/directory
+ '[' 0 '!=' 0 ']'
+ sed -e '/Replay-Nonce: / ! d; s/^Replay-Nonce: //' /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce-fetch.XXXXXX.dSwqK0A1
+ tr -d '\r\n'
++ cat /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce.XXXXXX.MW9ii4hx
+ NONCE=PZEAl5-fLaXLQMdEJNXJOrpqTt0zxXNBGi2EW8JUNBc
+ '[' -n PZEAl5-fLaXLQMdEJNXJOrpqTt0zxXNBGi2EW8JUNBc ']'
++ echo '{"nonce":"PZEAl5-fLaXLQMdEJNXJOrpqTt0zxXNBGi2EW8JUNBc"}'
++ tr -d '\n\r'
++ base64url
++ openssl base64
++ tr +/ -_
++ tr -d '\r\n='
+ PROTECTED=eyJub25jZSI6IlBaRUFsNS1mTGFYTFFNZEVKTlhKT3JwcVR0MHp4WE5CR2kyRVc4SlVOQmMifQ
+ echo
+ tr -d '\n\r'
++ echo '{"resource":"new-reg","contact":["mailto:webmaster@example.org"],"agreement":"https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}'
++ base64url
++ openssl base64
++ tr +/ -_
++ tr -d '\r\n='
+ PAYLOAD=eyJyZXNvdXJjZSI6Im5ldy1yZWciLCJjb250YWN0IjpbIm1haWx0bzp3ZWJtYXN0ZXJAZXhhbXBsZS5vcmciXSwiYWdyZWVtZW50IjoiaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvZG9jdW1lbnRzL0xFLVNBLXYxLjAuMS1KdWx5LTI3LTIwMTUucGRmIn0K
+ gen_signature
+ printf %s eyJub25jZSI6IlBaRUFsNS1mTGFYTFFNZEVKTlhKT3JwcVR0MHp4WE5CR2kyRVc4SlVOQmMifQ.eyJyZXNvdXJjZSI6Im5ldy1yZWciLCJjb250YWN0IjpbIm1haWx0bzp3ZWJtYXN0ZXJAZXhhbXBsZS5vcmciXSwiYWdyZWVtZW50IjoiaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvZG9jdW1lbnRzL0xFLVNBLXYxLjAuMS1KdWx5LTI3LTIwMTUucGRmIn0K
+ openssl dgst -sha256 -binary -sign account.key
+ handle_openssl_exit 0 'signing request'
+ OPENSSL_EXIT=0
+ OPENSSL_ACTION='signing request'
+ '[' 0 '!=' 0 ']'
++ base64url
++ openssl base64
++ tr +/ -_
++ tr -d '\r\n='
+ SIGNATURE=wt_mpf6mDNVIfWg2bH0B5Zf2i_M3YSsy3lUzmuWEQtKOX5BjRb-z63Q517ixR6bmzMet5NbPGYL82zBO8Q3n2wd3N_bARJYi_pXuAfq46mKjy-GSywhKsKkj4zV7egkH6fdEiPgTkkweBIU4ugtpbDLcLWiTmO_JPzGCc_A34AnI7SPpmtBhY_IVsDFtU3QwBSQgfg_7yzF2FnxpcQYy1FOVevglwcqCErime1goSC1tDeKqeRh_aPBusD7rQ_wiYHqCVHcsFoKFUymm_IbLuvgf-RCXeNfkirfUSmFClLO_4AQQypYnU6HDSzDArE0FUsDpggJ6RKljUKdA7clvA11TLRG_PESdH2U9FY3NXsCOA5nRpx-QPf3o9koOy62GDJg4FlmlMJwWR1bDjvL-beIFxAPYtnNR--UH8PU1ADl6X3JLwTE3A6JI6XqLXhliOO9EtWrSK6aA7-QfoyEs6bjKeXbxfLNVco8-yV5TOZ8ZOxqnxC9Z7ncx_w1mf0DGUvOf-jqcdU3mU8JSf42KQ4lWt-TprDh0j7vvEbFujpKvwEMpy-2aYEmMbhAU4uGk4Pl96xT_sWho6_G-8jtqbbiipYS-sCkftnBCo52y8iV81UYKvwipLzK4bKay7iARAgWX22G32qJ-7xOGJoRF2aMTFzaHtlLRV6X92GLcySQ
+ DATA='{"header":{"alg":"RS256","jwk":{"e":"","kty":"RSA","n":"wxKdTGijXqfPQIdLCQzjgEf9W3e0St2cdpufQBJdtsXE9xKu6O-KgFeqnOZbCRYE9g8bBgIBNP8qt7kL8zBEfZMiN8D8lyRoqpnq3d8ajDghgm9HMreVVuz-9QHzQ2P_g4qPJVKrhE5FYNZ31do9mOfQFm8ef5LSbf4629jL8mgpPSi6K0OFTZ-P_znMw7YVSx7Gzj2ScL4Y8TpHm5JIBwZWIX4Z4AL4DgE0i0I2nKGBzaX7pwKw7QZoeu4tFZHAFijyV41xQ9TS0ZtzNWuDEzbj46dcLsTf-D_2PXmUDuD8XfibMY4oqhIPxJBUC-OsK0eB5YdAll9o3g7Re1ONXplpDbye3xnnaM0rbROPafFYkcPUYdsbBxjACd4q1Mq1OhI44JtRTLR07_QjHTnuN7dccZsni5vtnqSVT2exB_D0Sb-N5HT0wf1jTwm0W6WUNXlwN2Sno-LK1qUyjhnP3Fc9EfOyK4-hZkl4vNJ7Y9XIyuUsgszrXAJyfjjbUovQAZkocJevPZoIphaGNvkg0xhiY4_n_EUUpbqwpJp9QtH5cm-0ekXUOxfsCYbHg_Htx7_xI6RvRug26UAo6ogNeSxsDL-VnsL-lcXdXeoNIbSyd_vNmXmAz5wwm88RueqQ2pICJIqk81B7wz1RtcfSYEmPvtponYuTjsbBiBt9RR8"}},"protected":"eyJub25jZSI6IlBaRUFsNS1mTGFYTFFNZEVKTlhKT3JwcVR0MHp4WE5CR2kyRVc4SlVOQmMifQ","payload":"eyJyZXNvdXJjZSI6Im5ldy1yZWciLCJjb250YWN0IjpbIm1haWx0bzp3ZWJtYXN0ZXJAZXhhbXBsZS5vcmciXSwiYWdyZWVtZW50IjoiaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvZG9jdW1lbnRzL0xFLVNBLXYxLjAuMS1KdWx5LTI3LTIwMTUucGRmIn0K","signature":"wt_mpf6mDNVIfWg2bH0B5Zf2i_M3YSsy3lUzmuWEQtKOX5BjRb-z63Q517ixR6bmzMet5NbPGYL82zBO8Q3n2wd3N_bARJYi_pXuAfq46mKjy-GSywhKsKkj4zV7egkH6fdEiPgTkkweBIU4ugtpbDLcLWiTmO_JPzGCc_A34AnI7SPpmtBhY_IVsDFtU3QwBSQgfg_7yzF2FnxpcQYy1FOVevglwcqCErime1goSC1tDeKqeRh_aPBusD7rQ_wiYHqCVHcsFoKFUymm_IbLuvgf-RCXeNfkirfUSmFClLO_4AQQypYnU6HDSzDArE0FUsDpggJ6RKljUKdA7clvA11TLRG_PESdH2U9FY3NXsCOA5nRpx-QPf3o9koOy62GDJg4FlmlMJwWR1bDjvL-beIFxAPYtnNR--UH8PU1ADl6X3JLwTE3A6JI6XqLXhliOO9EtWrSK6aA7-QfoyEs6bjKeXbxfLNVco8-yV5TOZ8ZOxqnxC9Z7ncx_w1mf0DGUvOf-jqcdU3mU8JSf42KQ4lWt-TprDh0j7vvEbFujpKvwEMpy-2aYEmMbhAU4uGk4Pl96xT_sWho6_G-8jtqbbiipYS-sCkftnBCo52y8iV81UYKvwipLzK4bKay7iARAgWX22G32qJ-7xOGJoRF2aMTFzaHtlLRV6X92GLcySQ"}'
+ curl -s -d '{"header":{"alg":"RS256","jwk":{"e":"","kty":"RSA","n":"wxKdTGijXqfPQIdLCQzjgEf9W3e0St2cdpufQBJdtsXE9xKu6O-KgFeqnOZbCRYE9g8bBgIBNP8qt7kL8zBEfZMiN8D8lyRoqpnq3d8ajDghgm9HMreVVuz-9QHzQ2P_g4qPJVKrhE5FYNZ31do9mOfQFm8ef5LSbf4629jL8mgpPSi6K0OFTZ-P_znMw7YVSx7Gzj2ScL4Y8TpHm5JIBwZWIX4Z4AL4DgE0i0I2nKGBzaX7pwKw7QZoeu4tFZHAFijyV41xQ9TS0ZtzNWuDEzbj46dcLsTf-D_2PXmUDuD8XfibMY4oqhIPxJBUC-OsK0eB5YdAll9o3g7Re1ONXplpDbye3xnnaM0rbROPafFYkcPUYdsbBxjACd4q1Mq1OhI44JtRTLR07_QjHTnuN7dccZsni5vtnqSVT2exB_D0Sb-N5HT0wf1jTwm0W6WUNXlwN2Sno-LK1qUyjhnP3Fc9EfOyK4-hZkl4vNJ7Y9XIyuUsgszrXAJyfjjbUovQAZkocJevPZoIphaGNvkg0xhiY4_n_EUUpbqwpJp9QtH5cm-0ekXUOxfsCYbHg_Htx7_xI6RvRug26UAo6ogNeSxsDL-VnsL-lcXdXeoNIbSyd_vNmXmAz5wwm88RueqQ2pICJIqk81B7wz1RtcfSYEmPvtponYuTjsbBiBt9RR8"}},"protected":"eyJub25jZSI6IlBaRUFsNS1mTGFYTFFNZEVKTlhKT3JwcVR0MHp4WE5CR2kyRVc4SlVOQmMifQ","payload":"eyJyZXNvdXJjZSI6Im5ldy1yZWciLCJjb250YWN0IjpbIm1haWx0bzp3ZWJtYXN0ZXJAZXhhbXBsZS5vcmciXSwiYWdyZWVtZW50IjoiaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvZG9jdW1lbnRzL0xFLVNBLXYxLjAuMS1KdWx5LTI3LTIwMTUucGRmIn0K","signature":"wt_mpf6mDNVIfWg2bH0B5Zf2i_M3YSsy3lUzmuWEQtKOX5BjRb-z63Q517ixR6bmzMet5NbPGYL82zBO8Q3n2wd3N_bARJYi_pXuAfq46mKjy-GSywhKsKkj4zV7egkH6fdEiPgTkkweBIU4ugtpbDLcLWiTmO_JPzGCc_A34AnI7SPpmtBhY_IVsDFtU3QwBSQgfg_7yzF2FnxpcQYy1FOVevglwcqCErime1goSC1tDeKqeRh_aPBusD7rQ_wiYHqCVHcsFoKFUymm_IbLuvgf-RCXeNfkirfUSmFClLO_4AQQypYnU6HDSzDArE0FUsDpggJ6RKljUKdA7clvA11TLRG_PESdH2U9FY3NXsCOA5nRpx-QPf3o9koOy62GDJg4FlmlMJwWR1bDjvL-beIFxAPYtnNR--UH8PU1ADl6X3JLwTE3A6JI6XqLXhliOO9EtWrSK6aA7-QfoyEs6bjKeXbxfLNVco8-yV5TOZ8ZOxqnxC9Z7ncx_w1mf0DGUvOf-jqcdU3mU8JSf42KQ4lWt-TprDh0j7vvEbFujpKvwEMpy-2aYEmMbhAU4uGk4Pl96xT_sWho6_G-8jtqbbiipYS-sCkftnBCo52y8iV81UYKvwipLzK4bKay7iARAgWX22G32qJ-7xOGJoRF2aMTFzaHtlLRV6X92GLcySQ"}' -D /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR -o /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-body.XXXXXX.YUXxsCue https://acme-v01.api.letsencrypt.org/acme/new-reg
+ handle_curl_exit 0 https://acme-v01.api.letsencrypt.org/acme/new-reg
+ CURL_EXIT=0
+ CURL_URI=https://acme-v01.api.letsencrypt.org/acme/new-reg
+ '[' 0 '!=' 0 ']'
+ sed -e '/Replay-Nonce: / ! d; s/^Replay-Nonce: //' /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR
+ tr -d '\r\n'
+ check_http_status 201
+ fgrep -q 'HTTP/1.1 201 ' /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR
+ check_http_status 409
+ fgrep -q 'HTTP/1.1 409 ' /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR
+ unhandled_response 'registering account'
+ echo 'unhandled response while registering account'
unhandled response while registering account
+ echo

+ cat /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-body.XXXXXX.YUXxsCue
HTTP/1.1 100 Continue
Expires: Wed, 06 Jul 2016 03:37:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 98
Boulder-Request-Id: OzloiUNVDAYSJTjSryf3c5ibLTS4iifgyQdvh9ti-mI
Replay-Nonce: AUpQbYIfKEf9LwfnjMuJF7vH1bM-LnmhtlgvtPU_8ks
Expires: Wed, 06 Jul 2016 03:37:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Jul 2016 03:37:07 GMT
Connection: close

{
  "type": "urn:acme:error:malformed",
  "detail": "Invalid JWK in JWS header",
  "status": 400
}+ echo

+ exit 1
+ rm -f /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-header.XXXXXX.OmOk4syR /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.resp-body.XXXXXX.YUXxsCue /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce.XXXXXX.MW9ii4hx /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.nonce-fetch.XXXXXX.dSwqK0A1 /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.cnf.XXXXXX.gGdwIX3s /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.in.XXXXXX.rUx3RjHe /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.out.XXXXXX.KQ5DUzyW /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.openssl.err.XXXXXX.5JeU6zi3 /var/folders/8j/hbwx08fx1kngcgnfzd_0v4ln261glm/T/le.44270.server.csr.XXXXXX.mfNQoEzz
bruncsak commented 8 years ago

The problem is with the extraction of the exponent from the key. (see: "e":"" ). Could you give the output of the following command on your OS X system please?

openssl pkey -inform perm -in account.key -noout -text_pub | grep -i Exponent

rcloran commented 8 years ago 
$  openssl pkey -inform perm -in account.key -noout -text_pub | grep -i Exponent

openssl:Error: 'pkey' is an invalid command.
...
$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016

Looks like I could install a more recent openssl from homebrew which would probably fix this. Don't really have time to dig now myself, but happy to try things you tell me to :)

bruncsak commented 8 years ago

Thanks for the feedback. Would you try my version please? It supposed to work with your older version of openssl as well. Please let us know how it goes.

wolfiepawz commented 8 years ago

I'm getting:

{
  "type": "urn:acme:error:malformed",
  "detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]",
  "status": 400
}
paulojribp commented 8 years ago

I'm getting the same error. My exponent output is: Exponent: 65537 (0x10001)

I'm running on Ubuntu 12.04 server.

paulojribp commented 8 years ago

Ok, I did this change (https://github.com/gheift/letsencrypt.sh/pull/27/files/f3b571f312b4c29b3dde77f1cb5231aa4edbb518) and seems it works. Thanks