"detail":"Signature has expired." when trying to jpm sign

[markon1]

I get this error when I try to sign my add-on:

JPM [info] Created XPI for signing: C:\Users\STEFAN~1\AppData\Local\Temp\tmp-unsigned-xpi-4148hCxnCs5ors7J\@ffe-1.0.0.xpi
JPM [error] FAIL
Error: Received bad response from the server while requesting https://addons.mozilla.org/api/v3/addons/%40ffe/versions/1.0.0/

status: 401
response: {"detail":"Signature has expired."}
headers: {"allow":"GET, PUT, HEAD, OPTIONS","content-security-policy":"script-src 'self' https://addons.mozilla.org https://www.paypalobjects.com https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.google-analytics.com https://addons.cdn.mozilla.net; default-src 'self'; img-src 'self' data: blob: https://www.paypal.com https://ssl.google-analytics.com https://addons.cdn.mozilla.net https://static.addons.mozilla.net https://ssl.gstatic.com/ https://sentry.prod.mozaws.net; media-src https://videos.cdn.mozilla.net; style-src 'self' 'unsafe-inline' https://addons.cdn.mozilla.net; frame-src 'self' https://ic.paypal.com https://paypal.com https://www.google.com/recaptcha/ https://www.paypal.com; object-src 'none'; connect-src 'self' https://sentry.prod.mozaws.net; font-src 'self' https://addons.cdn.mozilla.net; report-uri /__cspreport__","content-type":"application/json","date":"Sat, 19 Mar 2016 01:13:50 GMT","server":"nginx","set-cookie":["multidb_pin_writes=y; expires=Sat, 19-Mar-2016 01:14:05 GMT; Max-Age=15; Path=/"],"strict-transport-security":"max-age=31536000","vary":"X-Mobile, User-Agent","www-authenticate":"JWT realm=\"api\"","x-content-type-options":"nosniff","x-frame-options":"DENY","x-xss-protection":"1; mode=block","transfer-encoding":"chunked","connection":"Close"}

    at C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\lib\amo-client.js:92:13
    at tryCatchReject (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\makePromise.js:845:30)
    at runContinuation1 (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\makePromise.js:804:4)
    at Fulfilled.when (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\makePromise.js:592:4)
    at Pending.run (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\makePromise.js:483:13)
    at Scheduler._drain (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\Scheduler.js:62:19)
    at Scheduler.drain (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\Scheduler.js:27:9)
    at doNTCallback0 (node.js:419:9)
    at process._tickCallback (node.js:348:13)

[kumar303]

Is your system clock in sync? You may have to use a synchronization service. However, this exact error is unexpected in that case. It may be related though.

[kumar303]

Closing this due to lack of feedback.

[tbajorek]

I have this error. I synchronize system clock (Ubuntu) from Internet. I use command: jpm sign --api-key "user:***:**" --api-secret "****" Can you help me, please?

[kumar303]

It's a bit tricky to debug. Can you confirm against some network time value that your clock is definitely in sync with it?

[tbajorek]

I solved my problem. My time with the Internet was different by a few seconds of Mozilla time. The signature is valid only for 15 seconds. It's a very little time and can cause problems, as for example with me. I set the time manually for a few seconds before and now it works. I propose in the future to add a possibility to manually set the expiry date.

[kumar303]

It's not possible to allow manual configuration of the expiry because relying on a fixed value of time (i.e. network time) protects against certain attacks from people trying to break into your account. We can increase the leeway given to skewey clocks though https://github.com/mozilla/addons/issues/2418

[HorvathAkosPeter]

I had the same problem. I checked my clock, and yes, it was out of sync. After sync (and re-generating the API key on https://addons.mozilla.org/de/developers/addon/api/key/ it worked.