ACME v2 missing JWS header with acme.sh

I’m using acme.sh but I’m having issues ( {"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status": 400} ). How did you generate it? Thanks!

@Neilpang Are you aware of any acme.sh issues that would result in the wrong JWS header being used in an ACME v2 request?

Thanks for your awesome work! It is greatly appreciated :slight_smile: I’m wondering if there are any issues with the new endpoints? I’m using acme.sh v2.7.7 and I’m getting a {"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status": 400} error trying to generate a wildcard certificate. Any ideas? Thanks again! :slight_smile:

I’ve got the same error message when I used the acme2 installation where I did my tests before. So I made a fresh installation of acme.sh, then it worked as said :slight_smile:

 $ git clone https://github.com/Neilpang/acme.sh.git
 $ cd acme.sh    # the clone creates ./acme.sh; ~/.acme.sh is the install target
 $ ./acme.sh --install
 $ . ~/.bashrc
 $ export NSUPDATE_SERVER="<IP_of_DNS_Server>"
 $ export NSUPDATE_KEY="$HOME/example.com.dnskey"
 $ # quote the wildcard so the shell does not glob-expand it
 $ acme.sh --issue -d example.com -d '*.example.com' --dns dns_nsupdate --dnssleep 30

This should do the trick. My DNS server is BIND, so I have to use dns_nsupdate; maybe you have to use another update method for your DNS.


Thanks! That solved my problem. I actually needed to remove my old v1 certs from the ~/.acme.sh folder; I had to issue the cert, add the specified TXT records, and then try again with --renew, and I’m back online. Thanks a lot!!

Yes, I just noticed this issue too. It seems like a bug when you issue a cert against the v2 server with the same cert name that already has a v1 cert.

I’m fixing it.

Thanks.

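The error quoted in this thread is about the protected header of the ACME v2 request. As an added example (not from the thread and not acme.sh code), the Python below decodes a base64url `protected` value and applies the RFC 8555 section 6.2 rule that requests bound to an existing account carry `kid` while newAccount requests carry `jwk`. The function names, sample headers and `acme.example` URLs are constructed for illustration.

```python
import base64
import json


def decode_protected(protected_b64url: str) -> dict:
    """Decode the base64url 'protected' member of a flattened JWS."""
    padded = protected_b64url + "=" * (-len(protected_b64url) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_acme_v2_header(protected_b64url: str, expects_jwk: bool = False) -> list:
    """Return the problems found in an ACME v2 JWS protected header.

    RFC 8555 section 6.2: 'jwk' and 'kid' are mutually exclusive. newAccount
    (and revokeCert signed with the certificate key) carries 'jwk'; every
    other request carries 'kid', the account URL. 'alg', 'nonce' and 'url'
    are always required.
    """
    header = decode_protected(protected_b64url)
    problems = []
    has_jwk, has_kid = "jwk" in header, "kid" in header
    if has_jwk and has_kid:
        problems.append("both jwk and kid present")
    elif expects_jwk and not has_jwk:
        problems.append("newAccount request needs jwk")
    elif not expects_jwk and not has_kid:
        problems.append("No Key ID in JWS header")
    for field in ("alg", "nonce", "url"):
        if field not in header:
            problems.append("missing " + field)
    return problems


def _encode(header: dict) -> str:
    """Helper for the constructed samples: JSON -> unpadded base64url."""
    raw = json.dumps(header).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample headers (placeholder values, not captured traffic).
V2_URL = "https://acme.example/acme/new-order"
GOOD = _encode({"alg": "RS256", "kid": "https://acme.example/acme/acct/1",
                "nonce": "constructed-nonce", "url": V2_URL})
# A header that embeds the account key, as every ACME v1 request did.
STALE = _encode({"alg": "RS256", "jwk": {"kty": "RSA", "n": "AA", "e": "AQAB"},
                 "nonce": "constructed-nonce", "url": V2_URL})

if __name__ == "__main__":
    print("good :", check_acme_v2_header(GOOD))
    print("stale:", check_acme_v2_header(STALE))
```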

Thanks @Neilpang!! You rock :trophy:

I have created a bug here: https://github.com/Neilpang/acme.sh/issues/1360

@darkguy2008 It seems too hard for me to reproduce. Can you please show me your log?
