How do I debug this?

dannybackx · December 26, 2019, 8:44am

Hi,
I’m in the process of writing an ACME client library for esp32. I’m almost there : debugging the finalize step now.
I have trouble getting more info about my next error. Are there logs to the staging server that can help me ?

I (11595) Acme: FinalizeOrder: PerformWebQuery -> {
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “JWS verification error”,
“status”: 400
}
E (11605) Acme: FinalizeOrder: failure 400 urn:ietf:params:acme:error:malformed JWS verification error

Or did I make an obvious error that I’m not seeing ?

Thanks,
Danny

I (9175) Acme: MakeMessageKID(https://acme-staging-v02.api.letsencrypt.org/acme/finalize/11649655/66792138,MIICZDCCAUwCAQAwHzEdMBsGA1UEAxMUZGFubnliYWNreC5ob3B0by5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB4ET0RjeZ4UZybrQ3M-6EUe5jOHMG7XW3OIu15ilMOouTp-q97dzfIgPel6rX_YlZmXyTJRftyxFUJtgBrG2WXeCWXIG3HMdx9GRv9sMYI5u6nUQp-LjbRGxsfPWUV9MDvOnv_fQCGT1xTCq7SYK30fFQ0HWvlFIfhp0mZwKTw7y59pEVS9NJQ2imJgQOOv7fc98odH9Yy4W7R-iiYaN4aWXaO4YY5tJSfChISVCt9760fm70IVslsbxn8d2TvPkedYKId6QQsRWl7hs38yzED5AP9SiwlRHw5LrH_lJNsbdnQv6tvH9laO6d1g82FA2z3tren0u1DBbTCA5xQ69_AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAnrNETLrJM1Ee29kBosS3AFP5uGa7zeejWu7UxPldMgbw6j7hN1cLrXVkjJhipwCB3CND-tXg8_g77vPoDPNXTQH0EjqlRaFj0OHiFGNCxqrhU55N6ssTK2_qc-WfF3W9Qhne7l17wZ1-2JGJSYjKkp_6RrjHli1Zxn5UhtUdZbQbQB0iMsmeDSuN0qiRBMiIXxIicsx7Gex7UDivp0TWSu1yGAqyFTZb6BrfU8zpkvRYwbYQz4QR2o7vag3lZHOLp-MFuywzcJ3Q2dlUMbRXasNsGzOPYoUBhHCv8C9miDo2MuEHaphZ4HmcTXGzMuiHNfTUUi-G19L9TJ3SF_SNpQ)
I (9795) Acme: FinalizeOrder : msg {
“protected”: “eyJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiMDAwMWJSZ2xCQUZlQ0tPckkyT1pyWi05WE9uVms0V2R1VkVscVZ6YzZYQzJmZDgiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvZmluYWxpemUvMTE2NDk2NTUvNjY3OTIxMzgiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMTY0OTY1NSJ9”,
“payload”: “TUlJQ1pEQ0NBVXdDQVFBd0h6RWRNQnNHQTFVRUF4TVVaR0Z1Ym5saVlXTnJlQzVvYjNCMGJ5NXZjbWN3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRREI0RVQwUmplWjRVWnliclEzTS02RVVlNWpPSE1HN1hXM09JdTE1aWxNT291VHAtcTk3ZHpmSWdQZWw2clhfWWxabVh5VEpSZnR5eEZVSnRnQnJHMldYZUNXWElHM0hNZHg5R1J2OXNNWUk1dTZuVVFwLUxqYlJHeHNmUFdVVjlNRHZPbnZfZlFDR1QxeFRDcTdTWUszMGZGUTBIV3ZsRklmaHAwbVp3S1R3N3k1OXBFVlM5TkpRMmltSmdRT092N2ZjOThvZEg5WXk0VzdSLWlpWWFONGFXWGFPNFlZNXRKU2ZDaElTVkN0OTc2MGZtNzBJVnNsc2J4bjhkMlR2UGtlZFlLSWQ2UVFzUldsN2hzMzh5ekVENUFQOVNpd2xSSHc1THJIX2xKTnNiZG5RdjZ0dkg5bGFPNmQxZzgyRkEyejN0cmVuMHUxREJiVENBNXhRNjlfQWdNQkFBR2dBREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbnJORVRMckpNMUVlMjlrQm9zUzNBRlA1dUdhN3plZWpXdTdVeFBsZE1nYnc2ajdoTjFjTHJYVmtqSmhpcHdDQjNDTkQtdFhnOF9nNzd2UG9EUE5YVFFIMEVqcWxSYUZqME9IaUZHTkN4cXJoVTU1TjZzc1RLMl9xYy1XZkYzVzlRaG5lN2wxN3daMS0ySkdKU1lqS2twXzZScmpIbGkxWnhuNVVodFVkWmJRYlFCMGlNc21lRFN1TjBxaVJCTWlJWHhJaWNzeDdHZXg3VURpdnAwVFdTdTF5R0FxeUZUWmI2QnJmVTh6cGt2Ull3YllRejRRUjJvN3ZhZzNsWkhPTHAtTUZ1eXd6Y0ozUTJkbFVNYlJYYXNOc0d6T1BZb1VCaEhDdjhDOW1pRG8yTXVFSGFwaFo0SG1jVFhHek11aUhOZlRVVWktRzE5TDlUSjNTRl9TTnBR”,
“signature”: “nEfAWKoYQwVRvvzx9aNt3SjbsCfliG9hgM3zMeXXYIuQ7xehKzmMbJ3vau47w61dCHFBdckJVnRTrxFBfCWK-QdxxFGaVuwzYNj6mf2RsxBRdCQWAVf-TgSKuWQ9Kv65ZDehhy4BbklAOUMHw4PM2R0mzFNrB4OQOKmgIpiDlyTgtS016CYgocN2FhaM-_EKFSv8mUoULg”
}
I (9935) Acme: PerformWebQuery: set_post_field length 1671
I (11125) FTP Server: 26-12-2019 08:19:01 : 220 LightFTP server v2.0a ready
I (11535) Acme: HttpEvent: header Server value nginx
I (11535) Acme: HttpEvent: header Date value Thu, 26 Dec 2019 07:19:02 GMT
I (11535) Acme: HttpEvent: header Content-Type value application/problem+json
I (11545) Acme: HttpEvent: header Content-Length value 107
I (11555) Acme: HttpEvent: header Connection value keep-alive
I (11555) Acme: HttpEvent: header Boulder-Requester value 11649655
I (11565) Acme: HttpEvent: header Cache-Control value public, max-age=0, no-cache
I (11575) Acme: HttpEvent: header Link value https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
I (11585) Acme: HttpEvent: header Replay-Nonce value 00025NerwYzXwK4_IwzoAigiK7mNdOuVY9ZkQMbaSWvaxqA
I (11595) Acme: FinalizeOrder: PerformWebQuery -> {
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “JWS verification error”,
“status”: 400
}
E (11605) Acme: FinalizeOrder: failure 400 urn:ietf:params:acme:error:malformed JWS verification error

See http://svn.code.sf.net/p/esp32-acme-client/code/trunk/

JuergenAuer · December 26, 2019, 9:08am

Hi @dannybackx

dannybackx:

“payload”: “TUlJQ1pEQ0NBVXdDQVFBd0h6RWRNQnNHQTFVRUF4TVVaR0Z1Ym5saVlXTnJlQzVvYjNCMGJ5NXZjbWN3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRREI0RVQwUmplWjRVWnliclEzTS02RVVlNWpPSE1HN1hXM09JdTE1aWxNT291VHAtcTk3ZHpmSWdQZWw2clhfWWxabVh5VEpSZnR5eEZVSnRnQnJHMldYZUNXWElHM0hNZHg5R1J2OXNNWUk1dTZuVVFwLUxqYlJHeHNmUFdVVjlNRHZPbnZfZlFDR1QxeFRDcTdTWUszMGZGUTBIV3ZsRklmaHAwbVp3S1R3N3k1OXBFVlM5TkpRMmltSmdRT092N2ZjOThvZEg5WXk0VzdSLWlpWWFONGFXWGFPNFlZNXRKU2ZDaElTVkN0OTc2MGZtNzBJVnNsc2J4bjhkMlR2UGtlZFlLSWQ2UVFzUldsN2hzMzh5ekVENUFQOVNpd2xSSHc1THJIX2xKTnNiZG5RdjZ0dkg5bGFPNmQxZzgyRkEyejN0cmVuMHUxREJiVENBNXhRNjlfQWdNQkFBR2dBREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbnJORVRMckpNMUVlMjlrQm9zUzNBRlA1dUdhN3plZWpXdTdVeFBsZE1nYnc2ajdoTjFjTHJYVmtqSmhpcHdDQjNDTkQtdFhnOF9nNzd2UG9EUE5YVFFIMEVqcWxSYUZqME9IaUZHTkN4cXJoVTU1TjZzc1RLMl9xYy1XZkYzVzlRaG5lN2wxN3daMS0ySkdKU1lqS2twXzZScmpIbGkxWnhuNVVodFVkWmJRYlFCMGlNc21lRFN1TjBxaVJCTWlJWHhJaWNzeDdHZXg3VURpdnAwVFdTdTF5R0FxeUZUWmI2QnJmVTh6cGt2Ull3YllRejRRUjJvN3ZhZzNsWkhPTHAtTUZ1eXd6Y0ozUTJkbFVNYlJYYXNOc0d6T1BZb1VCaEhDdjhDOW1pRG8yTXVFSGFwaFo0SG1jVFhHek11aUhOZlRVVWktRzE5TDlUSjNTRl9TTnBR”,

checking your payload (decoding the base64) the result:

MIICZDCCAUwCAQAwHzEdMBsGA1UEAxMUZGFubnliYWNreC5ob3B0by5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB4ET0RjeZ4UZybrQ3M-6EUe5jOHMG7XW3OIu15ilMOouTp-q97dzfIgPel6rX_YlZmXyTJRftyxFUJtgBrG2WXeCWXIG3HMdx9GRv9sMYI5u6nUQp-LjbRGxsfPWUV9MDvOnv_fQCGT1xTCq7SYK30fFQ0HWvlFIfhp0mZwKTw7y59pEVS9NJQ2imJgQOOv7fc98odH9Yy4W7R-iiYaN4aWXaO4YY5tJSfChISVCt9760fm70IVslsbxn8d2TvPkedYKId6QQsRWl7hs38yzED5AP9SiwlRHw5LrH_lJNsbdnQv6tvH9laO6d1g82FA2z3tren0u1DBbTCA5xQ69_AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAnrNETLrJM1Ee29kBosS3AFP5uGa7zeejWu7UxPldMgbw6j7hN1cLrXVkjJhipwCB3CND-tXg8_g77vPoDPNXTQH0EjqlRaFj0OHiFGNCxqrhU55N6ssTK2_qc-WfF3W9Qhne7l17wZ1-2JGJSYjKkp_6RrjHli1Zxn5UhtUdZbQbQB0iMsmeDSuN0qiRBMiIXxIicsx7Gex7UDivp0TWSu1yGAqyFTZb6BrfU8zpkvRYwbYQz4QR2o7vag3lZHOLp-MFuywzcJ3Q2dlUMbRXasNsGzOPYoUBhHCv8C9miDo2MuEHaphZ4HmcTXGzMuiHNfTUUi-G19L9TJ3SF_SNpQ

Looks like a Certificate signing request. But that's not the correct payload.

Must be something like (not checked)

{"csr": "Your CSR"}

not only the raw CSR.

dannybackx · December 26, 2019, 12:38pm

Thanks, it’s amazing how much an additional pair of eyes can help

system · January 25, 2020, 12:47pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.