ACME v2 missing JWS header with acme.sh


#1

I’m using acme.sh but I’m having issues ({"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status": 400}). How did you generate it? Thanks!


#2

@Neilpang Are you aware of any acme.sh issues that would result in the wrong JWS header being used in an ACME v2 request?


#3

Thanks for your awesome work! It is greatly appreciated :slight_smile: I’m wondering if there are any issues with the new endpoints? I’m using acme.sh v2.7.7 and I’m getting a {"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status": 400} error trying to generate a wildcard certificate. Any ideas? Thanks again! :slight_smile:


#4

I’ve got the same error message when I used the acme2 installation where I did my tests before. So I made a fresh installation of acme.sh, then it worked as said :slight_smile:

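 $ git clone https://github.com/Neilpang/acme.sh.git
 # the clone creates ./acme.sh; ~/.acme.sh is where --install puts the tool
 $ cd acme.sh
 $ ./acme.sh --install
 $ . ~/.bashrc
 $ export NSUPDATE_SERVER="<IP_of_DNS_Server>"
 $ export NSUPDATE_KEY="$HOME/example.com.dnskey"
 # quote the wildcard name so the shell cannot glob-expand it
 $ acme.sh --issue -d example.com -d '*.example.com' --dns dns_nsupdate --dnssleep 30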

This should do the trick. My DNS is a BIND so I’ve to use dns_nsupdate, maybe you have to use another update method for your DNS.


#5

Thanks! That solved my problem, I actually needed to remove my old v1 certs from the ~/.acme.sh folder, I had to issue the cert, add the specified TXT records and then try again with --renew and I’m back online. Thanks a lot!!


#6

Yes, I just noticed this issue too. It seems like a bug when you issue a cert against the v2 server with the same cert name which already has a v1 cert.

I’m fixing it.

Thanks.
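
The "No Key ID in JWS header" error from this thread, as an added example (not code from acme.sh or from any poster here): under RFC 8555 every ACME v2 request except newAccount (and a revokeCert signed with the certificate key) must carry the account URL as "kid" in the JWS protected header, whereas ACME v1 embedded the public key as "jwk". The server URLs, nonce and key values are constructed, and check_protected is a hypothetical helper for inspecting a protected header taken from a debug log.

```python
import base64
import json

# Assumption: a constructed ACME v2 server. Only newAccount may embed "jwk".
JWK_ENDPOINTS = {"https://acme.example/acme/new-acct"}
NEW_ORDER = "https://acme.example/acme/new-order"


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(value):
    # JWS uses unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def check_protected(protected_b64):
    """Return the problems an ACME v2 server would report for this header."""
    try:
        header = json.loads(b64url_decode(protected_b64))
    except ValueError as exc:  # covers base64, UTF-8 and JSON errors
        return ["protected header is not base64url JSON: %s" % exc]
    if not isinstance(header, dict):
        return ["protected header is not a JSON object"]
    problems = ["missing '%s'" % f for f in ("alg", "nonce", "url") if f not in header]
    has_kid, has_jwk = "kid" in header, "jwk" in header
    if has_kid and has_jwk:
        problems.append("'kid' and 'jwk' are mutually exclusive")
    elif header.get("url") in JWK_ENDPOINTS:
        if not has_jwk:
            problems.append("newAccount must embed 'jwk'")
    elif not has_kid:
        problems.append("No Key ID in JWS header")  # the error quoted in the thread
    return problems


def sample(url, **key_field):
    """Build a constructed protected header for the demonstration."""
    header = {"alg": "RS256", "nonce": "constructed-nonce", "url": url}
    header.update(key_field)
    return b64url_encode(json.dumps(header).encode())


JWK = {"kty": "RSA", "n": "constructed", "e": "AQAB"}
V1_STYLE = sample(NEW_ORDER, jwk=JWK)  # v1 habit: key embedded in every request
V2_STYLE = sample(NEW_ORDER, kid="https://acme.example/acme/acct/1")

if __name__ == "__main__":
    for name, hdr in (("v1-style", V1_STYLE), ("v2-style", V2_STYLE)):
        print(name, check_protected(hdr) or "ok")
```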


#7

Thanks @Neilpang!! You rock :trophy:


#8

I have created a bug here: https://github.com/Neilpang/acme.sh/issues/1360

@darkguy2008 It seems too hard for me to reproduce. Can you please show me your log?

