Certsage Urn:ietf:params:acme:error:malformed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: shawcottage.farm

I ran this command: Acquire certificate and install into cPanel

It produced this output:
Trouble...
urn:ietf:params:acme:error:malformed
Requested certificate was not found

My web server is (include version): Apache 2.4.67

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: Namecheap

I can login to a root shell on my machine (yes or no, or I don't know): No

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certsage 3.2.1

I've heard of this before. I think it's a timing issue with the Let's Encrypt server. Please try acquiring a test cert. If that succeeds, try again acquiring and installing a production certificate.

I see from the CT logs there were two certs issued today for shawcottage.farm and another one a few days ago all by Let's Encrypt.

But, HTTPS requests to that domain are using a Sectigo cert. Could that be related? Interestingly, the Sectigo cert was issued nearly a year ago.

openssl s_client -connect shawcottage.farm:443 

Certificate chain
 0 s:CN=shawcottage.farm
   i:C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA DV R36
   a:PKEY: RSA, 2048 (bit); sigalg: sha384WithRSAEncryption
   v:NotBefore: Jun  8 00:00:00 2025 GMT; 
   NotAfter:    Jun  8 23:59:59 2026 GMT

Running Test produces the same error.

Yeah I just saw it in one of two tests myself. I'll see if adding a small delay at that point in the process reduces/eliminates this problem.

After inserting a two-second delay before downloading the certificate, seven tests in a row were successful, so I'm going to call this a win. Releasing version 3.3.1 now with this change. Please let me know if the problem persists for you with this new version (or if you run into any other troubles, of course).

Version 3.3.1 is now available!

I tried a Test with 3.3.1 and it worked, but generating the actual certificate errored with 'generate certificate key failed'. Now when I run Test that also fails with the same error. I tried manually deleting the old Certsage entries from cPanel but that didn't help.

Did you remember to update the $dataDirectory on line 19 of certsage.php after installing the new version?

Odd that it would fail key generation though. :thinking:

What "old Certsage entries from cPanel" did you delete?

Yes, the data directory was updated correctly and Certsage is writing to it. I deleted all the entries except for password.txt and the image shows two files created after running Acquire Certificate and Install...

Try loading CertSage fresh in a new tab/window then running a test. I'm not seeing a staging account key in your screenshot, but I am seeing a production account key.

There's never really a reason to delete your account keys. The key generation that failed was for the certificate itself, which makes no sense if a test passed already. Seems like something changed after that successful test.


I ran test in a new window (and tried an incognito window) and got the same error but now see an additional key.

What type of key do you have selected for the cert?

EC type

Try a test with RSA please.

Test passed!!

Sounds like your server doesn't support EC keys with a secp384r1 curve. Your first test was probably RSA then you switched to EC for your production attempt and later test. You'll need to work with your hosting configuration/provider if you want to use EC keys. Otherwise RSA should work fine. I'm guessing either you've been using RSA previously or your hosting configuration/provider made a change recently. That part of the CertSage code is very simple and hasn't changed in a very long time.
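One way to confirm the EC diagnosis above without shell access, as an added example that is not part of the original thread and is not CertSage code: a stand-alone PHP page that asks the host's OpenSSL extension to generate an RSA key and an EC secp384r1 key and reports which one fails. The function names `drainOpenSslErrors` and `tryKey` and the 2048-bit RSA size are assumptions made for this example.

```php
<?php
// Added diagnostic (not CertSage code): checks whether this PHP/OpenSSL build
// can generate the key types discussed in the thread. Prints no key material.

// Collect and clear OpenSSL's queued error messages.
function drainOpenSslErrors(): array
{
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

// Try to generate and PEM-encode one private key; report success or the errors.
function tryKey(string $label, array $config): array
{
    drainOpenSslErrors(); // discard stale errors from earlier calls
    $key = openssl_pkey_new($config);
    $pem = '';
    $ok = $key !== false && openssl_pkey_export($key, $pem);
    return ['label' => $label, 'ok' => $ok, 'errors' => $ok ? [] : drainOpenSslErrors()];
}

// Curve list as OpenSSL reports it (openssl_get_curve_names needs PHP >= 7.1).
$curves = function_exists('openssl_get_curve_names') ? openssl_get_curve_names() : false;

// Assumption: 2048-bit RSA; the thread does not state CertSage's RSA size.
$results = [tryKey('RSA 2048', ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048])];
// OPENSSL_KEYTYPE_EC is absent when the extension was built without EC support.
$results[] = defined('OPENSSL_KEYTYPE_EC')
    ? tryKey('EC secp384r1', ['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'secp384r1'])
    : ['label' => 'EC secp384r1', 'ok' => false, 'errors' => ['OPENSSL_KEYTYPE_EC is not defined']];

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}
echo 'PHP ', PHP_VERSION, ' / ', OPENSSL_VERSION_TEXT, "\n";
if ($curves === false) {
    echo "Curve list unavailable\n";
} else {
    echo 'secp384r1 listed: ', in_array('secp384r1', $curves, true) ? 'yes' : 'no', "\n";
}
foreach ($results as $r) {
    echo $r['label'], ': ', $r['ok'] ? 'OK' : 'FAILED', "\n";
    foreach ($r['errors'] as $e) {
        echo '    ', $e, "\n";
    }
}
```

Remove the file from the web root after running it. The version line and any OpenSSL error text it prints are the details to pass to the hosting provider.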

Yes, I think you are correct in me testing with RSA then switching to EC. I'll check with my hosting provider (Namecheap) about EC. However, when I try and acquire the RSA certificate I'm now getting an error: urn:ietf:params:acme:error:malformed
Requested certificate was not found