Error renew from Windows Certes

The thing that's interesting is that the error is an ACME error from Let's Encrypt itself; Certes is just reporting the error it receives. The most obvious thing would be failure to read the private account key resulting in a malformed key signature being used. Can you add some logging to your app to ensure that the account key you have previously saved is reading OK?

7 Likes

Hello

Thanks for your help.
Here is my code:

    Dim myAcme As AcmeContext
    Dim myAccount
    Dim myAcmeHttpClient As AcmeHttpClient
    If myPemKey = "" Then
        myAcme = New AcmeContext(WellKnownServers.LetsEncryptV2)
        myAccount = Await myAcme.NewAccount(My.Settings.acmeEmail, True)
        myPemKey = myAcme.AccountKey.ToPem()
    Else
        myAcme = New AcmeContext(WellKnownServers.LetsEncryptV2, KeyFactory.FromPem(myPemKey))
        myAccount = Await myAcme.Account
    End If
    myAcmeHttpClient = New AcmeHttpClient(WellKnownServers.LetsEncryptV2)

This line fails:

    myAccount = Await myAcme.NewAccount(My.Settings.acmeEmail, True)

What do you think I should log?
Miroslav

1 Like

What populates the previously saved myPemKey and will it always load the same file? If it's reading from a user profile for instance it may have a different result depending on how the user. I'm not sure what the API response would be if the wrong account key was used.

You would only call NewAccount once, then save the account key (and optionally the account URI) somewhere.

    pemKey = _acme.AccountKey.ToPem();
    accountUri = (await _acme.Account()).Location.ToString();

Subsequent runs of the app should only be loading the existing account key, not calling NewAccount (that would attempt to create a duplicate registration with Let's Encrypt, which may be the problem).

[edit: I'd be interested to know why you decided not to use an existing Windows client such as my https://certifytheweb.com app - It's fun to write your own stuff but it's not generally necessary]

7 Likes
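The two suggestions above (log whether the saved account key loads, and call NewAccount only once) combined into one load-or-create routine, as an added example that is not code from either poster or from the Certes project. The `AcmeAccountLoader` class, the `LoadOrCreateAsync` method and the key file path are hypothetical names chosen for illustration.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Certes;
using Certes.Acme;

static class AcmeAccountLoader
{
    // Assumed location (hypothetical): one fixed, machine-wide path, so an interactive
    // run and a scheduled run under another user read the same key. The PEM is the
    // account's private key, so restrict the file's ACL to the account running the task.
    const string KeyPath = @"C:\ProgramData\ExampleRenewer\account-key.pem";

    public static async Task<AcmeContext> LoadOrCreateAsync(string email)
    {
        var server = WellKnownServers.LetsEncryptV2;

        if (File.Exists(KeyPath))
        {
            var pem = File.ReadAllText(KeyPath);
            if (string.IsNullOrWhiteSpace(pem))
                throw new InvalidDataException($"Account key file {KeyPath} is empty.");

            // Existing registration: load the saved key and do not call NewAccount.
            var acme = new AcmeContext(server, KeyFactory.FromPem(pem));
            var account = await acme.Account();

            // Log the key length and the account URI, never the key material itself.
            Console.WriteLine($"Loaded account key ({pem.Length} chars) for {account.Location}");
            return acme;
        }

        // First run only: register, then persist the key before requesting any orders.
        var fresh = new AcmeContext(server);
        var created = await fresh.NewAccount(email, true);
        Directory.CreateDirectory(Path.GetDirectoryName(KeyPath));
        File.WriteAllText(KeyPath, fresh.AccountKey.ToPem());
        Console.WriteLine($"Created account {created.Location}; key saved to {KeyPath}");
        return fresh;
    }
}
```

If the logged account URI differs between two runs, the runs are not loading the same key file.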

Hello,

The utility runs every week.
myPemKey is empty at the start.
Then a loop for each certificate to renew follows, using the same account.

Thank you for your utility offer - I will check it out.

Yesterday my program ran successfully after re-saving the password in the scheduler.
Strange.

2 Likes
