Invalid Server response

Just tested to get a certificate for www.example.net and LE answered with an invalid JSON object:
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from http://www.example.net/.well-known/acme-challenge/rPHlsBIunU9QBvWOx0pOPtqQK0YjnYmrPVZS3_Ap6fM [2606:2800:220:1:248:1893:25c8:1946]: "\u003c!doctype html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n \u003ctitle\u003eExample Domain\u003c/title\u003e\n\n \u003cmeta charset=\"utf-8\" /\u003e\n \u003cmeta http-equiv=\"Content-type"",
    "status": 403
  },
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/CEnjQUVi9NA2JuEj34gCQHwm-SAcQUfUBVkEWvrhu10/270252399",
  "token": "rPHlsBIunU9QBvWOx0pOPtqQK0YjnYmrPVZS3_Ap6fM",
  "validationRecord": [
    {
      "url": "http://www.example.net/.well-known/acme-challenge/rPHlsBIunU9QBvWOx0pOPtqQK0YjnYmrPVZS3_Ap6fM",
      "hostname": "www.example.net",
      "port": "80",
      "addressesResolved": [
        "93.184.216.34",
        "2606:2800:220:1:248:1893:25c8:1946"
      ],
      "addressUsed": "2606:2800:220:1:248:1893:25c8:1946"
    }
  ]
}

Are there any plans to fix correct quoting of error.detail?

error-response.js (1.0 KB)

Hmmm - even this app doesn’t quote correctly and presents garbage for “preformatted” text. So uploaded the response :wink:

It seems extremely unlikely that Boulder would generate an invalid JSON response, as that would mean that there is a major bug in Go’s encoding/json package.

I tried the same request using Certbot, and extracted the HTTP response from the log file. It was valid JSON. I’ve included it below:

{
  "identifier": {
    "type": "dns",
    "value": "www.example.net"
  },
  "status": "invalid",
  "expires": "2019-03-21T08:17:45Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://www.example.net/.well-known/acme-challenge/25hfq0pzgb4ym6_0LL00quUYb5ereFcra_yPMw5jd50 [2606:2800:220:1:248:1893:25c8:1946]: \"\u003c!doctype html\u003e\\n\u003chtml\u003e\\n\u003chead\u003e\\n    \u003ctitle\u003eExample Domain\u003c/title\u003e\\n\\n    \u003cmeta charset=\\\"utf-8\\\" /\u003e\\n    \u003cmeta http-equiv=\\\"Content-type\"",
        "status": 403
      },
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/gPnacY8k3oNwzPcSKYR9KKdao0aB8JaxdQMUZGdGsZ8/270279692",
      "token": "25hfq0pzgb4ym6_0LL00quUYb5ereFcra_yPMw5jd50",
      "validationRecord": [
        {
          "url": "http://www.example.net/.well-known/acme-challenge/25hfq0pzgb4ym6_0LL00quUYb5ereFcra_yPMw5jd50",
          "hostname": "www.example.net",
          "port": "80",
          "addressesResolved": [
            "93.184.216.34",
            "2606:2800:220:1:248:1893:25c8:1946"
          ],
          "addressUsed": "2606:2800:220:1:248:1893:25c8:1946"
        }
      ]
    },
    {
      "type": "tls-alpn-01",
      "status": "invalid",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/gPnacY8k3oNwzPcSKYR9KKdao0aB8JaxdQMUZGdGsZ8/270279693",
      "token": "R5Ml1iqSHrXQAlF8GW61sZZ2uQRIteJMfVxV7pwrHpU"
    },
    {
      "type": "dns-01",
      "status": "invalid",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/gPnacY8k3oNwzPcSKYR9KKdao0aB8JaxdQMUZGdGsZ8/270279694",
      "token": "KUVgwe2TowDmnml-71xN0tO60RgK9li5A3wD5jRrv6g"
    }
  ]
}

The only thing I can think of is that in the past, there was a problem relating to invalid UTF-8 in HTTP responses, but it only manifested itself by causing errors in the RPC transport used internally by Let’s Encrypt. It never affected client-facing responses and was subsequently fixed.

Do you have some code that reproduces the decoding issue?


Ah ok, found the problem: when printing to the pipe escapes got interpreted by print :(. Sorry for the noise :wink:

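The failure mode identified in the last post, as an added example that is not code from the thread or from Let's Encrypt: a valid ACME error body stops parsing once a print step consumes one level of backslash escapes. The sample body is constructed (shortened, with a `TOKEN` placeholder), and `print_with_escapes` is a hypothetical stand-in for whatever escape-interpreting print was used.

```python
import json
import re

# Constructed sample, shortened from the challenge object quoted in the thread;
# TOKEN is a placeholder. The raw string keeps the backslashes as sent on the wire.
RAW_BODY = r'''{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from http://www.example.net/.well-known/acme-challenge/TOKEN: \"\u003c!doctype html\u003e\\n\u003cmeta charset=\\\"utf-8\\\" /\u003e\"",
    "status": 403
  }
}'''

_ESCAPES = {"\\": "\\", '"': '"', "n": "\n", "t": "\t"}

def print_with_escapes(text):
    """Hypothetical stand-in for a print/echo that interprets backslash
    escapes in its argument: one level of escaping is consumed."""
    return re.sub(r'\\(["\\nt])', lambda m: _ESCAPES[m.group(1)], text)

def first_json_error(text):
    """Return (line, column, message) of the first parse error, or None."""
    try:
        json.loads(text)
    except json.JSONDecodeError as exc:
        return exc.lineno, exc.colno, exc.msg
    return None

def safe_dump(raw):
    """Parse the untouched body, then re-serialise it for logging."""
    return json.dumps(json.loads(raw), indent=2)

if __name__ == "__main__":
    print("raw body:   ", first_json_error(RAW_BODY))
    print("after print:", first_json_error(print_with_escapes(RAW_BODY)))
    print("safe_dump:  ", first_json_error(safe_dump(RAW_BODY)))
    print(json.loads(RAW_BODY)["error"]["detail"])
```

Parsing the body before any display step, and logging the re-serialised object, keeps the escaping of `error.detail` intact.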
