@mbleigh could you post the Node.js code you used to successfully generate the fingerprint/thumbprint? I think I’m doing what’s in boulder/test/js, but every time I attempt to reply to the challenge I get:
```
{
  "type": "urn:acme:error:malformed",
  "detail": "Unable to update challenge :: Provided key authorization was incorrect",
  "status": 400
}
```
Here’s how I’m generating my TXT record and keyAuthorization to include in challenge response:
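```javascript
const crypto = require("crypto");
// Package names are inferred from the identifiers used in the post.
const rsaPemToJwk = require("rsa-pem-to-jwk");
const UrlSafeBase64 = require("urlsafe-base64");

// PRIVATE_KEY (PEM), CHALLENGE_TOKEN and DOMAIN are defined elsewhere.
const jwk = rsaPemToJwk(PRIVATE_KEY, {use: "sig"}, "public");
// RFC 7638 canonical JWK: required members only, sorted, no whitespace.
const input = `{"e":"${jwk.e}","kty":"RSA","n":"${jwk.n}"}`;
const thumbprint = UrlSafeBase64.encode(crypto.createHash("sha256").update(input).digest());
const keyAuthorization = `${CHALLENGE_TOKEN}.${thumbprint}`;
const recordName = `_acme-challenge.${DOMAIN}.`;
console.log({
  recordName,
  // DNS-01 TXT value: base64url(SHA-256(keyAuthorization))
  txt: UrlSafeBase64.encode(crypto.createHash("sha256").update(keyAuthorization).digest()),
  keyAuthorization
});
```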
update: for what it’s worth, I looked at https://tools.ietf.org/html/rfc7638 and my code computes the thumbprint in the example “3.1. Example JWK Thumbprint Computation”, that is, I get NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs
update 2 [resolved]: my problem was leading zeros hiding in urlbase64 encoding, see Trouble with keyAuthorization for DNS ("Provided key authorization was incorrect") [SOLVED]
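The leading-zero problem named in the resolution, as an added example that is not part of the original post: it assumes the extra zero byte sits in the JWK's `n` (or `e`) value, and normalizes both before computing the thumbprint. The sample modulus is constructed and is not a real key; all function names are hypothetical.

```javascript
const crypto = require("crypto");

// Re-encode a base64url integer without leading 0x00 bytes. JWK values use
// the minimal big-endian form; DER INTEGERs inside a PEM key carry an extra
// 0x00 when the high bit is set, and a converter may copy it through.
function stripLeadingZeros(b64url) {
  const bytes = Buffer.from(b64url, "base64url");
  let i = 0;
  while (i < bytes.length - 1 && bytes[i] === 0) i++;
  return bytes.subarray(i).toString("base64url");
}

// Thumbprint as computed in the post: hashes n and e exactly as given.
function naiveThumbprint(jwk) {
  const input = `{"e":"${jwk.e}","kty":"RSA","n":"${jwk.n}"}`;
  return crypto.createHash("sha256").update(input).digest("base64url");
}

// RFC 7638 thumbprint over the normalized members.
function rsaThumbprint(jwk) {
  return naiveThumbprint({
    e: stripLeadingZeros(jwk.e),
    n: stripLeadingZeros(jwk.n),
  });
}

function keyAuthorization(token, jwk) {
  return `${token}.${rsaThumbprint(jwk)}`;
}

// DNS-01 TXT record value: base64url(SHA-256(keyAuthorization)).
function dns01TxtValue(token, jwk) {
  const ka = keyAuthorization(token, jwk);
  return crypto.createHash("sha256").update(ka).digest("base64url");
}

// Constructed sample: 32-byte "modulus" with the high bit set (not a real key).
const modulus = Buffer.from("c3".repeat(32), "hex");
const good = { kty: "RSA", e: "AQAB", n: modulus.toString("base64url") };
const padded = {
  ...good,
  n: Buffer.concat([Buffer.from([0]), modulus]).toString("base64url"),
};

console.log("same key, naive thumbprints match:",
  naiveThumbprint(padded) === naiveThumbprint(good));
console.log("same key, normalized thumbprints match:",
  rsaThumbprint(padded) === rsaThumbprint(good));
```

A thumbprint that matches the RFC 7638 test vector can still be wrong for a real key, because the vector's modulus has no leading zero byte to expose the difference.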