Everything works like a charm... until I get to the point of finalizing :-)
- base64url-encoded CSR (see it in full below) validates totally OK.
- error from Let's Encrypt: algo (RS256) not supported
- deliberately used ES256, got a reminder: "Hey Peter, ES256? What's that? Was expecting RS256"
- But but but... RS256 you say you don't know........
All info below. Anyone who can shed some light on my last 2 brain cells?
Peter
PS. @letsencrypt: completely different, but in some cases the URL to retrieve a challenge is returned from your servers as /acme/challenge/, which subsequently gives an error, since it has to be /acme/chall-v3/... Just a friendly reminder!
---------------- communication --------------------
POST /acme/finalize/18069308/239322012 HTTP/1.1
Content-Type: application/jose+json
Content-Length: 2064
Host: acme-staging-v02.api.letsencrypt.org
Accept: /
Accept-Charset: ISO-8859-1,utf-8
Accept-Language: en-US
Connection: close
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip
{"protected":"eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOlwvXC9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmdcL2FjbWVcL2FjY3RcLzE4MDY5MzA4Iiwibm9uY2UiOiIwMDAzY0gxanJtOXNMTVJjVi1uTkxjT090LVlMbHlhTlBIMm52bjZiMlF0YUVXayIsInVybCI6Imh0dHBzOlwvXC9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmdcL2FjbWVcL2ZpbmFsaXplXC8xODA2OTMwOFwvMjM5MzIyMDEyIn0","payload":"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","signature":"CJVtCbP53dwe5Vx9q0Ymj9Vf42D80DeoOWynCjzSeMLdXyu-KEASbkuFWPbfIJZcOdnviMGBej-HPjvHhJWYwZG4BQdotc4t8u6wxSYvGsX3Yz5l6FGTJlZx4LIwHY85d_vjC34N1S9MFazli447ZvntFYDB1T4S3Km9Mb7qQrfrERUaf9uowwijO6ns-Jk9toOLxQJTIfj9ZAl1oAerkdOfTEU9N3rjelwcJkIGd-vtAQSPn-wVzflKTPx-PhuKA5dffDvA1o_K6IT1UVSPX_x8lvveXW77P-vJE5-YTWKyPk1eJeb94iL85o7tCUliYUqpg4yu6GvDX1pfIm9pgA"}
---------------- normalized --------------------
payload = Array
(
[csr] => MIIC7jCCAdYCAQAwNjEUMBIGA1UEAwwLcHVrcGx1cy5jb20xHjAcBgkqhkiG9w0BCQEWD3NzbEBwdWtwbHVzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALCSNKXAXVaCTUvHIeoLJiSflZnrXzwUb3HbRfqhwYWK-4GXpB8o-EWOmxyPNH7ELRaEgp0FDTVKJIGNco-K__Qd_cPRPvzahJQay_BKLhFkqrdEivFYQ1hM3TdhIsijIBaNxSlZ2DbS5dx123KdZ2vmU4PpYh8nezfizbRZ6nxl2hBFUF1HbHSngDyPeyKQeEnZ5-eTQTqQrk2DcAtIEAPi0-6BNQiPKgHMks9_Ur35fAmf7vmVDvWtAvaqNRy9h2s0US9GjfVO2_DkM7LvGaxXLYEDv1248Yjn5dxUQRo_IpNK_V3-x8S4E7p8b0jSMGByq0OLuSHpiDFVg2KDfJMCAwEAAaBzMHEGCSqGSIb3DQEJDjFkMGIwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMCkGA1UdEQQiMCCCD3d3dy5wdWtwbHVzLmNvbYINKi5wdWtwbHVzLmNvbTANBgkqhkiG9w0BAQQFAAOCAQEAKfsPpJuyvo8OB7L8Hu91mzlRaxA_du_0RYWpoLxuHEhrshpC0Xe7NkqKTLViFn1S26WS9Yh3EI4CXO6SZlV05oY5N5J43ZkNuAZev67HM9Qm2-EVtBgzx0hssTIvDbwjW-BFLfXnSEdcaYWtms_crOYc1_y4BBYcxY0NhgwQLK-6T3BQmg73gdMeJCuwLa5MpehBghWMqGtTsMcKGojn6SqnhfJoa8CH_XhN9S-x2HIJjBvUEmdXAKMUHP3ogM6VDlQQ4DjLFts_939ijGePcnrBIKoh6FRBqJGkJ38bZpLajsXczJTDGVnN2nzywROoM49ylbDBvDL_f29RWyab9g
)
protected = Array
(
[alg] => RS256
[kid] => https://acme-staging-v02.api.letsencrypt.org/acme/acct/18069308
[nonce] => 0003cH1jrm9sLMRcV-nNLcOOt-YLlyaNPH2nvn6b2QtaEWk
[url] => https://acme-staging-v02.api.letsencrypt.org/acme/finalize/18069308/239322012
)
signature = 342 octets -> CJVtCbP53dwe5Vx9q0Ymj9Vf42D80DeoOWynCjzSeMLdXyu-KEASbkuFWPbfIJZcOdnviMGBej-HPjvHhJWYwZG4BQdotc4t8u6wxSYvGsX3Yz5l6FGTJlZx4LIwHY85d_vjC34N1S9MFazli447ZvntFYDB1T4S3Km9Mb7qQrfrERUaf9uowwijO6ns-Jk9toOLxQJTIfj9ZAl1oAerkdOfTEU9N3rjelwcJkIGd-vtAQSPn-wVzflKTPx-PhuKA5dffDvA1o_K6IT1UVSPX_x8lvveXW77P-vJE5-YTWKyPk1eJeb94iL85o7tCUliYUqpg4yu6GvDX1pfIm9pgA
-------------------------- SERVER RESPONSE -------------------------------
Array
(
[status] => 400
[headers] => Array
(
[server] => nginx
[date] => Sat, 13 Feb 2021 03:07:42 GMT
[content-type] => application/problem+json
[content-length] => 141
[connection] => close
[boulder-requester] => 18069308
[cache-control] => public, max-age=0, no-cache
[link] => https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
[replay-nonce] => 0003TylqzuBwnOu1Au-D88JFIY0bdLDODHgcsVM1CnGoLaI
)
[body] => {
"type": "urn:ietf:params:acme:error:badCSR",
"detail": "Error finalizing order :: signature algorithm not supported",
"status": 400
}
)
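The 400 response above has type badCSR, which in ACME refers to the CSR carried in the payload, not to the JWS `alg` header; the CSR shown in the normalized payload decodes to signatureAlgorithm OID 1.2.840.113549.1.1.4 (md5WithRSAEncryption). As an added example that is not part of the original post, this Python check reads that field from a base64url CSR before it is sent to finalize; the accept/reject flags and the `sample_csr` skeleton are assumptions constructed for illustration.

```python
import base64

# Standard signature-algorithm OIDs. The accept/reject flag is this example's
# assumption (MD5 and SHA-1 treated as rejected), not the CA's published policy.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", False),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Dotted form of OID content octets (first arc 0 or 1, true for all above)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for octet in body[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def csr_signature_algorithm(csr_b64url):
    """Return (oid, name, acceptable) for a base64url DER CSR, as sent to finalize."""
    der = base64.urlsafe_b64decode(csr_b64url + "=" * (-len(csr_b64url) % 4))
    tag, start, _ = read_tlv(der, 0)                 # CertificationRequest SEQUENCE
    _, _, info_end = read_tlv(der, start)            # skip certificationRequestInfo
    alg_tag, alg_start, _ = read_tlv(der, info_end)  # signatureAlgorithm SEQUENCE
    oid_tag, oid_start, oid_end = read_tlv(der, alg_start)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not a PKCS#10 CertificationRequest")
    oid = decode_oid(der[oid_start:oid_end])
    return (oid, *SIG_ALGS.get(oid, ("unknown", False)))

def _tlv(tag, body):  # builder for the constructed sample below (length < 256)
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body

def sample_csr(oid_hex):  # constructed, unsigned CSR skeleton with the given OID
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    der = _tlv(0x30, _tlv(0x30, b"\x02\x01\x00") + alg + _tlv(0x03, bytes(129)))
    return base64.urlsafe_b64encode(der).rstrip(b"=").decode()
```

Passing the `csr` value from a finalize payload to `csr_signature_algorithm` returns the hash/signature pair the CSR itself was signed with, which is independent of the RS256 or ES256 used for the JWS.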