Closed grindsa closed 3 months ago
Hello,
do you have something to help me to reproduce the problem? (a stack with your ACME server)
Server side is acme2certifier. This is my project and I am using lego during regular regression. I can set up a test environment if needed.
/G
If you can provide a test environment, it will help me a lot.
Here we go. Try "http://acme-eab.dynamop.de"

```
grindsa@ub2204:~$ curl http://acme-eab.dynamop.de | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 720 0 720 0 0 9294 0 --:--:-- --:--:-- --:--:-- 9350
{
  "newAuthz": "http://acme-eab.dynamop.de/acme/new-authz",
  "newNonce": "http://acme-eab.dynamop.de/acme/newnonce",
  "newAccount": "http://acme-eab.dynamop.de/acme/newaccount",
  "newOrder": "http://acme-eab.dynamop.de/acme/neworders",
  "revokeCert": "http://acme-eab.dynamop.de/acme/revokecert",
  "keyChange": "http://acme-eab.dynamop.de/acme/key-change",
  "renewalInfo": "http://acme-eab.dynamop.de/acme/renewal-info",
  "meta": {
    "home": "https://github.com/grindsa/acme2certifier",
    "author": "grindsa <grindelsack@gmail.com>",
    "name": "acme2certifier",
    "version": "0.33.3",
    "externalAccountRequired": true
  },
  "d990b328306e47ff89185b281e282ca5": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
```
Pls use kid "keyid_02" and hmac "bWFjXzAy".
```
docker run -i -v $PWD/lego:/.lego/ --rm --name lego goacme/lego:v4.15.0 -s http://acme-eab.dynamop.de/ -a --email "lego@example.com" -eab --kid keyid_02 --hmac bWFjXzAy -d lego.bar.local --http run
```

works without issues, while

```
docker run -i -v $PWD/lego:/.lego/ --rm --name lego goacme/lego -s http://acme-eab.dynamop.de/ -a --email "lego@example.com" --eab --kid keyid_02 --hmac bWFjXzAy -d lego.bar.local --http run
```

fails with the above-mentioned error.
It's because your hmac is too short (48 bits); it must be >= 256 bits.
A key of the same size as the hash output (for instance, 256 bits for "HS256") or larger MUST be used https://datatracker.ietf.org/doc/html/rfc7518#section-3.2
Related to https://github.com/go-jose/go-jose/pull/85
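
The key-length rule cited above (RFC 7518 section 3.2), as an added Go example that is not part of the original thread or of lego's code: it checks an EAB MAC key before it is handed to an ACME client and generates a replacement of sufficient size. The function names are hypothetical, and the key is assumed to be base64url-encoded.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// RFC 7518 section 3.2: the HMAC key must be at least as long as the hash output.
var minKeyBytes = map[string]int{"HS256": 32, "HS384": 48, "HS512": 64}

// CheckEABKey (hypothetical helper) decodes a base64url EAB MAC key, padding
// tolerated, and returns its size in bits plus an error if it is too short for alg.
func CheckEABKey(encoded, alg string) (int, error) {
	need, ok := minKeyBytes[alg]
	if !ok {
		return 0, fmt.Errorf("unsupported MAC algorithm %q", alg)
	}
	key, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(encoded, "="))
	if err != nil {
		return 0, fmt.Errorf("MAC key is not valid base64url: %w", err)
	}
	if len(key) < need {
		return len(key) * 8, fmt.Errorf("MAC key is %d bits, %s needs at least %d",
			len(key)*8, alg, need*8)
	}
	return len(key) * 8, nil
}

// NewEABKey (hypothetical helper) returns a random base64url key of the minimum size for alg.
func NewEABKey(alg string) (string, error) {
	need, ok := minKeyBytes[alg]
	if !ok {
		return "", fmt.Errorf("unsupported MAC algorithm %q", alg)
	}
	key := make([]byte, need)
	if _, err := rand.Read(key); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(key), nil
}

func main() {
	fmt.Println(CheckEABKey("bWFjXzAy", "HS256")) // key quoted in the thread: rejected
	fresh, _ := NewEABKey("HS256")
	fmt.Println(CheckEABKey(fresh, "HS256")) // freshly generated key: accepted
}
```

Running the same check on the server side when EAB credentials are provisioned catches short keys before a client upgrade does.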
Thank you for your help. I increased the key-size and it works without problems.
I am closing this issue.
Welcome
What did you expect to see?
After upgrading to v4.16.1, registration on my private acme-server fails with the below error.
There is no communication with the acme-server at all.
Do you have an idea what is going wrong and how to fix this?
What did you see instead?
On v4.15.0, registration using the same credentials runs fine:
How do you use lego?
Docker image
Reproduction steps
see the above commands...
Version of lego
Logs
see above
Go environment (if applicable)
docker image