"JWS has an invalid anti-replay nonce" if "Propagation Delay" is long

webprofusion / certify

Professional ACME Client for Windows. Certificate Management UI, powered by Let's Encrypt and compatible with all ACME v2 CAs. Download from certifytheweb.com

https://certifytheweb.com

Other

1.47k stars 254 forks source link

"JWS has an invalid anti-replay nonce" if "Propagation Delay" is long #485

Closed Zidium closed 4 years ago

Zidium commented 4 years ago

I try to request a wildcard certificate using "Custom script" update method and "Propagation Delay" 300 seconds. I get an error "JWS has an invalid anti-replay nonce" in phase 2 after those 300 sec. Error is stable. As i know, client should fetch a new nonce if current is out of date, it doesn't seem to be done. https://tools.ietf.org/html/rfc8555#section-6.5 I attached log and last request+response from "session.log" log_f769f7c4-4876-4f7d-843a-d8b1eebc99fa_8.txt session.log

webprofusion-chrisc commented 4 years ago

Thanks for raising this. Yes, it should retry (which we do on new orders but may not be doing on resume). There will be a v4.1.7 patch release with bug fixes shortly.

Zidium commented 4 years ago

Thanks! Where can i get v4.1.7 binaries for update?

webprofusion-chrisc commented 4 years ago

If you launch the app it will offer to update itself, or you can download from https://certifytheweb.com

Zidium commented 4 years ago

Sorry, I didn't see the new version is available ) Now it works right. Thank you again!