Http-01 challenge issue

I cannot get past the challenge. I am using an Azure cloud service and I am building a multi-tenant application.

I am saving the key authorization on a storage table and then I am listening on the server requests. I get the request just fine and I am validating the request and it’s all good. I am sending the key back but I am getting this strange result:

“detail”: “Invalid response from http://*****/.well-known/acme-challenge/1Jp1LnlUvAGt-mVjUgZzHH1Dp4Q-LKKIlTL9rU4ZsK4: “1Jp1LnlUvAGt-mVjUgZzHH1Dp4Q-LKKIlTL9rU4ZsK4.tK4YZJZHoAUSjwQyNYRediFsjxTyGSqNJ6LgNNpSmTY1Jp1LnlUvAGt-mVjUgZzHH1Dp4Q-LKKIlTL9rU4Zs””,

The key is not the key that I am sending over; it looks like it starts over with the token.

This is the authorization key:
1Jp1LnlUvAGt-mVjUgZzHH1Dp4Q-LKKIlTL9rU4ZsK4.tK4YZJZHoAUSjwQyNYRediFsjxTyGSqNJ6LgNNpSmTY

What am I doing wrong?

From the ACME spec:

key-authz = token || '.' || base64url(JWK_Thumbprint(accountKey))

As you point out, the token appears to be repeated at the end of the valid key-authz.

I don't think that Boulder is mistaken about what it read off the HTTP response - it will read up to 128 bytes and then return the buffer in the error message.

Perhaps double check what you are sending in a packet capture, or curl, or post your entire HTTP handler code for us to take a look.

        // Look up the stored key authorization for the requested challenge URI.
        var key = await manager.ResolveChallenge(uri);

        context.Response.ContentType = "text/plain";

        if (string.IsNullOrWhiteSpace(key))
        {
            // No stored key authorization for this request.
            context.Response.StatusCode = 500;
            context.Response.Write("not found.");

            return true;
        }

        //log.WriteLine("Write: " + key);

        context.Response.StatusCode = 200;

        // Send the key authorization as UTF-8 bytes.
        var requestData = Encoding.UTF8.GetBytes(key);
        await context.Response.WriteAsync(requestData);

This is all that the HTTP handler does. It just gets the key and sends it over, nothing more. If the request is not valid then the key is null. I tried to send over the key as a string and I get nothing in return.

This is an example of the error when the key is sent as a string:
“detail”: “The key authorization file from the server did not match this challenge [hdYJoWVKvzXUX_gh64Pa9Q19FKSVzKsCitufZQ2gs84.4PgYJQXO1VXgITBJUr2JRuzKCGdSbzCy9XHAZYiaDZ8] != []”,

Hmmm … works fine now … not sure what it was.

Thanks for your time!
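The mismatch reported in this thread, as an added example that is not part of the original posts: a small Python check that builds the key authorization from the formula quoted above and classifies a captured response body after applying the 128-byte read limit mentioned in the reply. The function names and result labels are assumptions chosen for illustration; the two sample strings are the ones quoted in the thread.

```python
import base64
import hashlib
import json

# Required JWK members per key type for an RFC 7638 thumbprint.
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
READ_LIMIT = 128  # bytes the validator reads, per the reply in the thread


def jwk_thumbprint(jwk: dict) -> str:
    """base64url(SHA-256(canonical JWK)) without padding (RFC 7638)."""
    members = {k: jwk[k] for k in _REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def key_authorization(token: str, account_jwk: dict) -> str:
    """key-authz = token || '.' || base64url(JWK_Thumbprint(accountKey))"""
    return token + "." + jwk_thumbprint(account_jwk)


def diagnose(expected: str, body: bytes) -> str:
    """Classify a response body after the read limit is applied."""
    # Trailing whitespace is ignored (RFC 8555 section 8.3).
    seen = body[:READ_LIMIT].decode("utf-8", "replace").rstrip()
    if seen == expected:
        return "ok"
    if not seen:
        return "empty-body"
    if seen.startswith(expected):
        extra = seen[len(expected):]
        # Extra bytes that restart the key authorization mean the value
        # appears in the body more than once.
        if expected.startswith(extra) or extra.startswith(expected):
            return "repeated-body"
        return "trailing-data"
    if expected.startswith(seen):
        return "truncated-body"
    return "mismatch"


# Values quoted in the thread above.
EXPECTED = ("1Jp1LnlUvAGt-mVjUgZzHH1Dp4Q-LKKIlTL9rU4ZsK4."
            "tK4YZJZHoAUSjwQyNYRediFsjxTyGSqNJ6LgNNpSmTY")
OBSERVED = (EXPECTED + "1Jp1LnlUvAGt-mVjUgZzHH1Dp4Q-LKKIlTL9rU4Zs").encode()

if __name__ == "__main__":
    print(diagnose(EXPECTED, OBSERVED))
    print(diagnose(EXPECTED, b""))
```

Feeding it the raw bytes saved from a curl request or packet capture of the challenge URL shows whether the handler's output is the exact key authorization, an empty body, or the value followed by extra bytes.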
