Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
stiicksandstonesmaybreakmybonesbutnameswillneverhurtme.com
I ran this command: from the terminal:
./dehydrated -c --accept-terms -fc -4 -d sticksandstonesmaybreakmybonesbutnameswillneverhurtme.com -x --force-validation -o /certs/sticksandstonesmaybreakmybonesbutnameswillneverhurtme.com -t http-01 -a secp384r1
It produced this output:
Processing sticksandstonesmaybreakmybonesbutnameswillneverhurtme.com
- Creating new directory /certs/sticksandstonesmaybreakmybonesbutnameswillneverhurtme.com/sticksandstonesmaybreakmybonesbutnameswillneverhurtme.com ...
- Signing domains...
- Generating private key...
- Generating signing request...
- Requesting new certificate order from CA...
- ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-order (Status 400)
Details:
HTTP/2 400
server: nginx
date: Sat, 28 Sep 2024 13:10:01 GMT
content-type: application/problem+json
content-length: 107
boulder-requester: 1889822956
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: mdHBMg8Kl7GlSNVdaOJ_mY3mn2rUxJNt0MY5pTjRqs2uFn1gC3M
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "JWS verification error",
"status": 400
}
info
My web server is (include version): nginx 1.27.1
The operating system my web server runs on is (include version):
Devuan/chimaera x86_64
My hosting provider, if applicable, is: self-hosetd
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): BOA/AEgir for drupal
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): using dehydrated 0.7.2: dehydrated modified · GitHub
Other useful info:
server1:~# curl --version
curl 8.9.1 (x86_64-pc-linux-gnu) libcurl/8.9.1 OpenSSL/3.0.15 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.0 nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.4.57
Release-Date: 2024-07-31
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IDN IPv6 Largefile libz NTLM PSL SSL threadsafe TLS-SRP UnixSockets
(curl could be update to 8.10.1 and zstd compression and HTTP/1.1 added - would this help ?)
dehydrated script is here: dehydrated modified · GitHub