Can you show me a working example? I am trying to call https://acme-staging-v02.api.letsencrypt.org/acme/new-acct with
a request like this:
{"protected":"eyJhbGciOiJFUzI1NiIsImp3ayI6eyJjcnYiOiJQLTI1NiIsImt0eSI6IkVDIiwieCI6ImE3VWpEb1lrUi03OG56VzdWcjh6T3BqRHI1SGF2cEtJbW1waGtfM1NvdnciLCJ5IjoiWlZqRnlLSnRvR3lIaWxZdDRtYVBXX1doYWNDdERpSGx2N1JUNTJhdUJnZyJ9LCJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsIm5vbmNlIjoiMldySU1OSjlIUDk4OUxNbnItRkpoNnBNRVE3aXNLODF4UEJLRTZkMy1NZyIsInR5cCI6IkpXUyJ9","payload":"eyJjb250YWN0IjpbIm1haWx0bzpzcGVndWxvQG1haWwucnUiXSwidGVybXNPZlNlcnZpY2VBZ3JlZWQiOnRydWUsInJlc291cmNlIjoibmV3QWNjb3VudCIsImlhdCI6IjE1NDc0NTUwOTkifQ","signature":"MEUCIDa5GvDp5L04IRdeUuXZE4v3gkNLjT0OJtL3WAHMgdP1AiEA0PxjZ2U0ZAOULOcSQLOQGr0mP8828nM6REGuHMvMm2M"}
which is signed by DERtoECDSA decoding, but I always get
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "JWS verification error",
"status": 400
}
I don’t have it in front of me anymore, but I believe:
The url was pointing to the production domain (but you said it’s for acme-staging-v02). This would cause the request to fail.
The resource field was present in the protected header, but this doesn’t exist in ACME v2 (it’s from ACME v1). I’m not sure whether this would be a fatal error.
iat in payload (but this is probably not fatal).
typ in protected header (but this is probably not fatal).
Your current “JWS verification error” is caused by the 71-byte signature, but once you get past that, the error message should change - so you’ll know you’re making progress.
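
The 71-byte signature mentioned above is the DER encoding of the ECDSA signature (a SEQUENCE of two INTEGERs), while JWS ES256 (RFC 7518) expects the fixed-width 64-byte R || S form. The following is an added example, not part of either post, that converts the posted signature using only the Python standard library; the function names are illustrative.

```python
import base64

COORD_LEN = 32  # ES256 (P-256): R and S are 32 bytes each, 64 bytes in total

# "signature" value copied from the request in the question above
POSTED_SIGNATURE = (
    "MEUCIDa5GvDp5L04IRdeUuXZE4v3gkNLjT0OJtL3WAHMgdP1"
    "AiEA0PxjZ2U0ZAOULOcSQLOQGr0mP8828nM6REGuHMvMm2M"
)

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _read_int(der, pos):
    """Read one DER INTEGER at pos; return (value, next position)."""
    if pos + 2 > len(der) or der[pos] != 0x02:
        raise ValueError("expected DER INTEGER")
    length = der[pos + 1]
    end = pos + 2 + length
    if length == 0 or length > COORD_LEN + 1 or end > len(der):
        raise ValueError("bad INTEGER length")
    body = der[pos + 2:end]
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    return int.from_bytes(body, "big"), end

def der_to_jose(der):
    """Convert a DER ECDSA signature to fixed-width R || S."""
    if len(der) < 8 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    r, pos = _read_int(der, 2)
    s, pos = _read_int(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after S")
    # to_bytes left-pads short values and drops the DER sign byte (0x00);
    # it raises OverflowError if a value does not fit in 32 bytes.
    return r.to_bytes(COORD_LEN, "big") + s.to_bytes(COORD_LEN, "big")

def fix_signature(sig_b64url):
    """Return the signature as base64url of R || S, converting from DER if needed."""
    raw = b64url_decode(sig_b64url)
    if len(raw) == 2 * COORD_LEN:
        return sig_b64url  # 64 bytes: treated as already fixed-width R || S
    return b64url_encode(der_to_jose(raw))

if __name__ == "__main__":
    fixed = fix_signature(POSTED_SIGNATURE)
    print(len(b64url_decode(POSTED_SIGNATURE)), "->", len(b64url_decode(fixed)), fixed)
```

The extra bytes in the DER form are the SEQUENCE and INTEGER headers plus a 0x00 sign byte in front of S, which is why the length varies between signatures while the JWS form is always 64 bytes.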