Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: N/A
I ran this command: I post data to /acme/key-change
It produced this output: 500 Error
inputData: ‘"{“resource”: “key-change”,“payload”:“eyJhY2NvdW50IjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMzEiLCJvbGRLZXkiOnsia3R5IjoiUlNBIiwibiI6IkFNaTQ2SVJ6WnU3N2NXNno0emlsaHhDWl9RSTVGbVh0NmJUOUQyamNXRktDeHIxRndmcnE3SGc1akdoZHZUWWRSLU0xczRJU2pzd2lpUGpWcllYOXFPWUNYWngtci1SU2djOFZlRFM3cVV0dEVjMG9tYlNObE11d3VVNkFWRVhlVFBfVkZtaGFyd1pCQ3RrdUtjSE9NSjA1Y0VyeHZ2OXBPTmxvd2t2V0hjUl9HOG9vMWVqM3hQX1NrQjQ2RjU3bm43T19mdS1PS2Y3M05oLW5pS3ZiMTlwc3ZnZTREUXVvWmdRcTV3aktPREN1bURoNUFKaXpLVmRhaXNObGNyMjZLRVJoU0ZhWmk5dUo3eTE3cktuNmdvZGJHUGhMOFp1ZGFyZjY2cHdjamkxZFlmNUw5TmRYZHdxZHZfNll2c2JEZjJnUlFHWnlBUC11YlJkVTRVVk1CWjAiLCJlIjoiQVFBQiJ9fQ”,“protected”:“eyJqd2siOnsia3R5IjoiUlNBIiwibiI6IkFMUlJIUVB2bnZXdDZrdEdYMWNzV3VXZUZSckhCZ096bUxFUGJjaHRRZlYzeW1zVXNHeWV0UXk4Z0tvQllWNTgzNmpqb3E0X0w0c3o2T3NzQ3JaVzdEMWtfYzQyT1JuMmo1SlctMWVRYVA3TGJSX045aXVudGRmdG4wdlc1aF9pNGgyUlNOZklUZ010SzlMcXRmOGkxczFyMG5UWmxJVGlfYllBRzBsVU45Qm5JbWNTa3RMZzFFOEh5S1Y5dWlBdUlzZExCRWd5TldTTDBMNmtqbG0wR0V6VWZ2VGoxdkwtWkROUWNtNkVNZlh6SGdnZW04a2dlQTcwV0VHN1JLRWVlbHExOHRnYmFYVmI5QllPaWUyM2pzbmg3clhxUDhxVU14VWdVbVRhVlVaZWU0UTY1TjZjVFh6ZXptYlBGMTdVMWduM0lUb055T212dlVXMElvRkpqbE0iLCJlIjoiQVFBQiJ9LCJhbGciOiJSUzI1NiJ9”,“signature”:“GETdMMBlVpnGeUF4b68S9-EHXQw1M_I0Jh5c2Nm97IE3-IzKy5trwhRrOXmIwfU60M3vdrfQNehfCyZHC74nNd5EMa8Xh5KhyzW9m7rrmDwQKIHLZhtPEqmZ9JXrn_jhkkHxAiRvpKOcpqR3bq0akb66wiKfNy06qbyyKRh_ENgrEVCDEEDFmpF6CeOgKdXhcP0u2p-eR_ku9fwk3UZM04m11VpcGRgp06VUtZ2fOeZDs1jbNZS5NlnVwEm-zdGH7AQukID_xCgHkb9rW7RCi-1uDfHMTIQu2VJCrEl8QKlQdefkYVrp3RnESiaDKwCTKEkBc5KJq5ETVh3yhLLZGg”}"’
payload: eyJub25jZSI6ImhMSVVNNDRuMzN2bHlmdm9XUWh0V0Y2MXVvNExEUVRiVHREZWl3dG5zbkkiLCJhbGciOiJSUzI1NiIsInVybCI6Imh0dHA6Ly9xYS1sZS1hcHAwMS5ib3MwMS5jb3JwLmFrYWRldnFhLmNvbTo0MDAxL2FjbWUva2V5LWNoYW5nZSIsImtpZCI6Imh0dHA6Ly9xYS1sZS1hcHAwMS5ib3MwMS5jb3JwLmFrYWRldnFhLmNvbTo0MDAxL2FjbWUvYWNjdC8yIn0.eyJyZXNvdXJjZSI6ICJrZXktY2hhbmdlIiwicGF5bG9hZCI6ImV5SmhZMk52ZFc1MElqb2lhSFIwY0hNNkx5OWhZMjFsTFhZd01pNWhjR2t1YkdWMGMyVnVZM0o1Y0hRdWIzSm5MMkZqYldVdllXTmpkQzh4TXpFaUxDSnZiR1JMWlhraU9uc2lhM1I1SWpvaVVsTkJJaXdpYmlJNklrRk5hVFEyU1ZKNlduVTNOMk5YTm5vMGVtbHNhSGhEV2w5UlNUVkdiVmgwTm1KVU9VUXlhbU5YUmt0RGVISXhSbmRtY25FM1NHYzFha2RvWkhaVVdXUlNMVTB4Y3pSSlUycHpkMmxwVUdwV2NsbFlPWEZQV1VOWVduZ3RjaTFTVTJkak9GWmxSRk0zY1ZWMGRFVmpNRzl0WWxOT2JFMTFkM1ZWTmtGV1JWaGxWRkJmVmtadGFHRnlkMXBDUTNScmRVdGpTRTlOU2pBMVkwVnllSFoyT1hCUFRteHZkMnQyVjBoalVsOUhPRzl2TVdWcU0zaFFYMU5yUWpRMlJqVTNibTQzVDE5bWRTMVBTMlkzTTA1b0xXNXBTM1ppTVRsd2MzWm5aVFJFVVhWdldtZFJjVFYzYWt0UFJFTjFiVVJvTlVGS2FYcExWbVJoYVhOT2JHTnlNalpMUlZKb1UwWmhXbWs1ZFVvM2VURTNja3R1Tm1kdlpHSkhVR2hNT0ZwMVpHRnlaalkyY0hkamFta3haRmxtTlV3NVRtUllaSGR4WkhaZk5sbDJjMkpFWmpKblVsRkhXbmxCVUMxMVlsSmtWVFJWVmsxQ1dqQWlMQ0psSWpvaVFWRkJRaUo5ZlEiLCJwcm90ZWN0ZWQiOiJleUpxZDJzaU9uc2lhM1I1SWpvaVVsTkJJaXdpYmlJNklrRk1VbEpJVVZCMmJuWlhkRFpyZEVkWU1XTnpWM1ZYWlVaU2NraENaMDk2YlV4RlVHSmphSFJSWmxZemVXMXpWWE5IZVdWMFVYazRaMHR2UWxsV05UZ3pObXBxYjNFMFgwdzBjM28yVDNOelEzSmFWemRFTVd0Zll6UXlUMUp1TW1vMVNsY3RNV1ZSWVZBM1RHSlNYMDQ1YVhWdWRHUm1kRzR3ZGxjMWFGOXBOR2d5VWxOT1prbFVaMDEwU3psTWNYUm1PR2t4Y3pGeU1HNVVXbXhKVkdsZllsbEJSekJzVlU0NVFtNUpiV05UYTNSTVp6RkZPRWg1UzFZNWRXbEJkVWx6WkV4Q1JXZDVUbGRUVERCTU5tdHFiRzB3UjBWNlZXWjJWR294ZGt3dFdrUk9VV050TmtWTlpsaDZTR2RuWlcwNGEyZGxRVGN3VjBWSE4xSkxSV1ZsYkhFeE9IUm5ZbUZZVm1JNVFsbFBhV1V5TTJwemJtZzNjbGh4VURoeFZVMTRWV2RWYlZSaFZsVmFaV1UwVVRZMVRqWmpWRmg2WlhwdFlsQkdNVGRWTVdkdU0wbFViMDU1VDIxMmRsVlhNRWx2UmtwcWJFMGlMQ0psSWpvaVFWRkJRaUo5TENKaGJHY2lPaUpTVXpJMU5pSjkiLCJzaWduYXR1cmUiOiJHRVRkTU1CbFZwbkdlVUY0YjY4UzktRUhYUXcxTV9JMEpoNWMyTm05N0lFMy1Jekt5NXRyd2hSck9YbUl3ZlU2ME0zdmRyZlFOZWhmQ3laSEM3NG5OZDVFTWE4WGg1S2h5elc5bTdycm1Ed1FLSUhMWmh0UEVxbVo5Slhybl9qaGtrSHhBaVJ2cEtPY3BxUjNicTBha2I2NndpS2ZOeTA2cWJ5eUtSaF9FTmdyRVZDREVFREZtcEY2Q2VPZ0tkWGhjUDB1MnAtZVJfa3U5ZndrM1VaTTA0bTExVnBjR1JncDA2VlV0WjJmT2VaRHMxamJOWlM1TmxuVndFbS16ZEdIN0FRdWtJRF94Q2dIa2I5clc3UkNpLTF1RGZITVRJUXUyVkpDckVsOFFLbFFkZWZrWVZycDNSbkVTaWFES3dDVEtFa0JjNUtKcTVFVFZoM3loTExaR2cifQ.SooLqxzKPc8euXtPMN2u7NW4EwC3KV_SLEF31kWyr_jSQiHic2SfxH8BRycnV0crl1b8bbExHOk0lGEv7r7BZ6VjoSxNpf_anMtBkwgr4cloEv06UW9SM7nTBAUxtbDyYwPBoHO6VgvzXRXN1l3xMUGf534XFooFKkLppu0EHlUjzDiASdsnro9GQXp10iyVSb9zTnPq7EddvJGKmYo67U29YAUBVwXro4FxTehMoKrLjzK2osDazgBOUjWbyY06Wtr7kmFZ49n-_49bBg83WmLOGGmApOyg_NX4CNCUv9tmtjb3QOyVF6yFpVEZlreuxsoU6FBfVJfB91kb_L5ayQ
body: ‘{“payload”:“eyJyZXNvdXJjZSI6ICJrZXktY2hhbmdlIiwicGF5bG9hZCI6ImV5SmhZMk52ZFc1MElqb2lhSFIwY0hNNkx5OWhZMjFsTFhZd01pNWhjR2t1YkdWMGMyVnVZM0o1Y0hRdWIzSm5MMkZqYldVdllXTmpkQzh4TXpFaUxDSnZiR1JMWlhraU9uc2lhM1I1SWpvaVVsTkJJaXdpYmlJNklrRk5hVFEyU1ZKNlduVTNOMk5YTm5vMGVtbHNhSGhEV2w5UlNUVkdiVmgwTm1KVU9VUXlhbU5YUmt0RGVISXhSbmRtY25FM1NHYzFha2RvWkhaVVdXUlNMVTB4Y3pSSlUycHpkMmxwVUdwV2NsbFlPWEZQV1VOWVduZ3RjaTFTVTJkak9GWmxSRk0zY1ZWMGRFVmpNRzl0WWxOT2JFMTFkM1ZWTmtGV1JWaGxWRkJmVmtadGFHRnlkMXBDUTNScmRVdGpTRTlOU2pBMVkwVnllSFoyT1hCUFRteHZkMnQyVjBoalVsOUhPRzl2TVdWcU0zaFFYMU5yUWpRMlJqVTNibTQzVDE5bWRTMVBTMlkzTTA1b0xXNXBTM1ppTVRsd2MzWm5aVFJFVVhWdldtZFJjVFYzYWt0UFJFTjFiVVJvTlVGS2FYcExWbVJoYVhOT2JHTnlNalpMUlZKb1UwWmhXbWs1ZFVvM2VURTNja3R1Tm1kdlpHSkhVR2hNT0ZwMVpHRnlaalkyY0hkamFta3haRmxtTlV3NVRtUllaSGR4WkhaZk5sbDJjMkpFWmpKblVsRkhXbmxCVUMxMVlsSmtWVFJWVmsxQ1dqQWlMQ0psSWpvaVFWRkJRaUo5ZlEiLCJwcm90ZWN0ZWQiOiJleUpxZDJzaU9uc2lhM1I1SWpvaVVsTkJJaXdpYmlJNklrRk1VbEpJVVZCMmJuWlhkRFpyZEVkWU1XTnpWM1ZYWlVaU2NraENaMDk2YlV4RlVHSmphSFJSWmxZemVXMXpWWE5IZVdWMFVYazRaMHR2UWxsV05UZ3pObXBxYjNFMFgwdzBjM28yVDNOelEzSmFWemRFTVd0Zll6UXlUMUp1TW1vMVNsY3RNV1ZSWVZBM1RHSlNYMDQ1YVhWdWRHUm1kRzR3ZGxjMWFGOXBOR2d5VWxOT1prbFVaMDEwU3psTWNYUm1PR2t4Y3pGeU1HNVVXbXhKVkdsZllsbEJSekJzVlU0NVFtNUpiV05UYTNSTVp6RkZPRWg1UzFZNWRXbEJkVWx6WkV4Q1JXZDVUbGRUVERCTU5tdHFiRzB3UjBWNlZXWjJWR294ZGt3dFdrUk9VV050TmtWTlpsaDZTR2RuWlcwNGEyZGxRVGN3VjBWSE4xSkxSV1ZsYkhFeE9IUm5ZbUZZVm1JNVFsbFBhV1V5TTJwemJtZzNjbGh4VURoeFZVMTRWV2RWYlZSaFZsVmFaV1UwVVRZMVRqWmpWRmg2WlhwdFlsQkdNVGRWTVdkdU0wbFViMDU1VDIxMmRsVlhNRWx2UmtwcWJFMGlMQ0psSWpvaVFWRkJRaUo5TENKaGJHY2lPaUpTVXpJMU5pSjkiLCJzaWduYXR1cmUiOiJHRVRkTU1CbFZwbkdlVUY0YjY4UzktRUhYUXcxTV9JMEpoNWMyTm05N0lFMy1Jekt5NXRyd2hSck9YbUl3ZlU2ME0zdmRyZlFOZWhmQ3laSEM3NG5OZDVFTWE4WGg1S2h5elc5bTdycm1Ed1FLSUhMWmh0UEVxbVo5Slhybl9qaGtrSHhBaVJ2cEtPY3BxUjNicTBha2I2NndpS2ZOeTA2cWJ5eUtSaF9FTmdyRVZDREVFREZtcEY2Q2VPZ0tkWGhjUDB1MnAtZVJfa3U5ZndrM1VaTTA0bTExVnBjR1JncDA2VlV0WjJmT2VaRHMxamJOWlM1TmxuVndFbS16ZEdIN0FRdWtJRF94Q2dIa2I5clc3UkNpLTF1RGZITVRJUXUyVkpDckVsOFFLbFFkZWZrWVZycDNSbkVTaWFES3dDVEtFa0JjNUtKcTVFVFZoM3loTExaR2cifQ”,“protected”:“eyJub25jZSI6ImhMSVVNNDRuMzN2bHlmdm9XUWh0V0Y2MXVvNExEUVRiVHREZWl3dG5zbkkiLCJhbGciOiJSUzI1NiIsInVybCI6Imh0dHA6Ly9xYS1sZS1hcHAwMS5ib3MwMS5jb3JwLmFrYWRldnFhLmNvbTo0MDAxL2FjbWUva2V5LWNoYW5nZSIsImtpZCI6Imh0dHA6Ly9xYS1sZS1hcHAwMS5ib3MwMS5jb3JwLmFrYWRldnFhLmNvbTo0MDAxL2FjbWUvYWNjdC8yIn0”,“signature”:“SooLqxzKPc8euXtPMN2u7NW4EwC3KV_SLEF31kWyr_jSQiHic2SfxH8BRycnV0crl1b8bbExHOk0lGEv7r7BZ6VjoSxNpf_anMtBkwgr4cloEv06UW9SM7nTBAUxtbDyYwPBoHO6VgvzXRXN1l3xMUGf534XFooFKkLppu0EHlUjzDiASdsnro9GQXp10iyVSb9zTnPq7EddvJGKmYo67U29YAUBVwXro4FxTehMoKrLjzK2osDazgBOUjWbyY06Wtr7kmFZ49n-_49bBg83WmLOGGmApOyg_NX4CNCUv9tmtjb3QOyVF6yFpVEZlreuxsoU6FBfVJfB91kb_L5ayQ”}’
responseCode: ‘500’
headers: HttpHeaders({})
response: ‘’
data: None
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):
More background:
We had ACME-V1 key-change worked for quite a while, but now we are migrating to use ACME-V2 API.
I have post data according to the spec: https://tools.ietf.org/html/draft-ietf-acme-acme-18
POST /acme/key-change HTTP/1.1
Host: example.com
Content-Type: application/jose+json
{
“protected”: base64url({
“alg”: “ES256”,
“kid”: “https://example.com/acme/acct/evOfKhNU60wg”,
“nonce”: “S9XaOcxP5McpnTcWPIhYuB”,
“url”: “https://example.com/acme/key-change”
}),
“payload”: base64url({
“protected”: base64url({
“alg”: “ES256”,
“jwk”: /* new key /,
“url”: “https://example.com/acme/key-change”
}),
“payload”: base64url({
“account”: “https://example.com/acme/acct/evOfKhNU60wg”,
“oldKey”: / old key */
}),
“signature”: “Xe8B94RD30Azj2ea…8BmZIRtcSKPSd8gU”
}),
“signature”: “5TWiqIYQfIDfALQv…x9C2mg8JGPxl5bI4”
}
Please help on how and where I can check what is wrong.