Empty Account URL from the Location header of the ACME v2 new-acct response
Greetings,
Testing bacme for the first time on 2020-02-11, so I went with version 1.1.0. The new-order
step was failing thus:
```
#### Registering account ...
Getting nonce ...
nonce = 0001CWEfKcl2PonjFquvkaHnSMRyY923D8hP9ZLPeTaR9VA
Request URL: https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
JWS Header: { "alg": "RS256", "jwk": { "e": "AQAB", "kty": "RSA", "n": "0Hw8grd7Py9wr-UQCC6lLFFklVS-9UIvHNcaM0EmD6AbupMbR4e3RLWW4M5pjimoIXz6UMHk_IY1CGLjefr8hORj5LEj8nV8VDrcX5IUyc9zeiUib7sPrGZ6i4Ve5QfHwSmWQ4MjKOYLhlZgo1tkFUBo6nfCCxvbemdvbl3MvxnaKUhFFhir7Gf1iQcJkHMiDHhs8kD7w9Ceqqq5mK3OBeJgBmXwIxkiibXYcu09fSpsV9K9XRocSNh0YKDsheO9m1pjl1RLqXHsB_NywGUPqvJ0843Vjr-pw9vXeVQegNfMFXnMTP_4n4BnyU0wl-XkTnOiTvcCP4_iC7rYRnhfHQVIfzVTHbeetjEW8xqzEXu1g5rgv_UAp5zxrddLFBmNFr6KQ_ffdyB5qxYqMWDh5cN9ODqR5_7VtGAUmTKOwOO-ZawGqp1D9qOaD_it_Jc2QuCRyapGUHSOyuR8uu7q4LttvgyybRMXllxlCvot52YbblhnPtRqhjRO0gMKoSklsJ2wrlkMcnPxWEPXRb6x_NhZBLclWfc8Zd-oDkCMx-i2BKVn1dm1H4xtcka9EbJXlXPNw7yiRd1HLUFEHdRaMNyvOBmOUE4I0Uy2Vfqe4vsJYews-MYtiGOmNH_cpsQvzq8lsSo7ooA-Nxg-4Cb3OCtEP5ndrQvjCwURVuQOvMc" }, "nonce": "0001CWEfKcl2PonjFquvkaHnSMRyY923D8hP9ZLPeTaR9VA", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct" }
JWS Body: { "termsOfServiceAgreed": true, "contact": [ "mailto:<censored-email>@<censored-domain>" ] }
API request successful
Account URL:
#### OK
#### Generating domain private key ...
#### Private key: <censored-domain>/<censored-domain>.key
Generating RSA private key, 4096 bit long modulus
.....++
.........................++
e is 65537 (0x10001)
#### Creating order ...
Getting nonce ...
nonce = 0001GygXaWaz5Qi3OCbAYSiSN2nXNfZulCzVgniXh33ZBos
Request URL: https://acme-staging-v02.api.letsencrypt.org/acme/new-order
JWS Header: { "alg": "RS256", "kid": "", "nonce": "0001GygXaWaz5Qi3OCbAYSiSN2nXNfZulCzVgniXh33ZBos", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order" }
JWS Body: { "identifiers": [ { "type": "dns", "value": "<censored-domain>" } ] }
ERROR: API request error
ERROR: Request URL: https://acme-staging-v02.api.letsencrypt.org/acme/new-order
ERROR: HTTP status: 400
ERROR: HTTP/1.1 100 Continue
HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 11 Feb 2020 22:24:07 GMT
Content-Type: application/problem+json
Content-Length: 108
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001t17oNfxFqbqh4TBaywhW9GCsi52SklqgOnZqSq2EvIU
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "No Key ID in JWS header",
"status": 400
}
EXIT 1
```
I noticed the new Account URL was empty. Code revealed (bacme:272) that it was being retrieved as:

```
ACCOUNT_URL=$(echo "${RESPONSE}" | grep '^location:' | sed 's/^location: //' | flatstring)
```
That lowercase "location" seemed suspicious. I investigated the response from the new-account
call and indeed it was a traditional Location HTTP header.
Preparing a merge request now.
All the best, thanks for making the simplest ACME client yet! Very useful for scripting the renewals in an unusual context (certificates obtained are to be published on a lesser-known public cloud frontal LB).
Cheers, David Holmes
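
The failure reported above, handled defensively, as an added example that is not part of the original post and not bacme's code: the header name is matched case-insensitively, interim `100 Continue` blocks are skipped, and the script refuses to continue without an account URL instead of sending an empty `kid`. The function names `get_header` and `account_url_from_response` and the `acme.example` URLs are hypothetical; the sample responses are constructed.

```shell
#!/bin/sh
# Print one header's value from a raw HTTP response on stdin.
# Header names are case-insensitive (RFC 7230, section 3.2) and HTTP/2
# sends them in lowercase, so compare in lowercase. Only the last header
# block is kept, which skips an interim "100 Continue" block.
get_header() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { sub(/\r$/, "") }                               # drop the CR of CRLF
        /^HTTP\// { value = ""; in_headers = 1; next }   # status line: reset
        in_headers && $0 == "" { in_headers = 0; next }  # blank line: body
        in_headers {
            i = index($0, ":")
            if (i > 0 && tolower(substr($0, 1, i - 1)) == want) {
                value = substr($0, i + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", value)
            }
        }
        END { if (value == "") exit 1; print value }
    '
}

# Fail closed: return non-zero unless the response carries an https
# Location, so a later JWS header can never be built with "kid": "".
account_url_from_response() {
    url=$(printf '%s' "$1" | get_header location) || return 1
    case "$url" in
        https://*) printf '%s\n' "$url" ;;
        *) return 1 ;;
    esac
}

# Constructed sample responses (placeholder account URL).
sample_mixed=$(printf 'HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 201 Created\r\nServer: nginx\r\nLocation: https://acme.example/acme/acct/1\r\n\r\n{}')
sample_lower=$(printf 'HTTP/2 201\r\nlocation: https://acme.example/acme/acct/1\r\n\r\n{}')
sample_none=$(printf 'HTTP/1.1 400 Bad Request\r\nServer: nginx\r\n\r\n{}')

for resp in "$sample_mixed" "$sample_lower" "$sample_none"; do
    if acct=$(account_url_from_response "$resp"); then
        echo "Account URL: $acct"
    else
        echo "ERROR: no account URL in response, aborting" >&2
    fi
done
```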