jelmd
March 14, 2019, 8:03am
1
Just tested to get a certificate for www.example.net and LE answered with an invalid JSON object:
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:unauthorized”,
“detail”: "Invalid response from http://www.example.net/.well-known/acme-challenge/rPHlsBIunU9QBvWOx0pOPtqQK0YjnYmrPVZS3_Ap6fM [2606:2800:220:1:248:1893:25c8:1946]: “\u003c!doctype html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n \u003ctitle\u003eExample Domain\u003c/title\u003e\n\n \u003cmeta charset=\“utf-8\” /\u003e\n \u003cmeta http-equiv=\“Content-type””,
“status”: 403
},
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/CEnjQUVi9NA2JuEj34gCQHwm-SAcQUfUBVkEWvrhu10/270252399 ”,
“token”: “rPHlsBIunU9QBvWOx0pOPtqQK0YjnYmrPVZS3_Ap6fM”,
“validationRecord”: [
{
“url”: “http://www.example.net/.well-known/acme-challenge/rPHlsBIunU9QBvWOx0pOPtqQK0YjnYmrPVZS3_Ap6fM ”,
“hostname”: “www.example.net ”,
“port”: “80”,
“addressesResolved”: [
“93.184.216.34”,
“2606:2800:220:1:248:1893:25c8:1946”
],
“addressUsed”: “2606:2800:220:1:248:1893:25c8:1946”
}
]
}
Are there any plans to fix correct quoting of error.detail?
jelmd
March 14, 2019, 8:10am
2
error-response.js (1.0 KB)
Hmmm - even this app doesn’t quote correctly and presents garbage for “preformatted” text. So uploaded the response
_az
March 14, 2019, 8:19am
3
It seems extremely unlikely that Boulder would generate an invalid JSON response, as that would mean that there is a major bug in Go’s encoding/json
package.
I tried the same request using Certbot, and extracted the HTTP response from the log file. It was valid JSON. I’ve included it below:
{
"identifier": {
"type": "dns",
"value": "www.example.net"
},
"status": "invalid",
"expires": "2019-03-21T08:17:45Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://www.example.net/.well-known/acme-challenge/25hfq0pzgb4ym6_0LL00quUYb5ereFcra_yPMw5jd50 [2606:2800:220:1:248:1893:25c8:1946]: \"\u003c!doctype html\u003e\\n\u003chtml\u003e\\n\u003chead\u003e\\n \u003ctitle\u003eExample Domain\u003c/title\u003e\\n\\n \u003cmeta charset=\\\"utf-8\\\" /\u003e\\n \u003cmeta http-equiv=\\\"Content-type\"",
"status": 403
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/gPnacY8k3oNwzPcSKYR9KKdao0aB8JaxdQMUZGdGsZ8/270279692",
"token": "25hfq0pzgb4ym6_0LL00quUYb5ereFcra_yPMw5jd50",
"validationRecord": [
{
"url": "http://www.example.net/.well-known/acme-challenge/25hfq0pzgb4ym6_0LL00quUYb5ereFcra_yPMw5jd50",
"hostname": "www.example.net",
"port": "80",
"addressesResolved": [
"93.184.216.34",
"2606:2800:220:1:248:1893:25c8:1946"
],
"addressUsed": "2606:2800:220:1:248:1893:25c8:1946"
}
]
},
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/gPnacY8k3oNwzPcSKYR9KKdao0aB8JaxdQMUZGdGsZ8/270279693",
"token": "R5Ml1iqSHrXQAlF8GW61sZZ2uQRIteJMfVxV7pwrHpU"
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/gPnacY8k3oNwzPcSKYR9KKdao0aB8JaxdQMUZGdGsZ8/270279694",
"token": "KUVgwe2TowDmnml-71xN0tO60RgK9li5A3wD5jRrv6g"
}
]
}
1 Like
_az
March 14, 2019, 8:27am
4
The only thing I can think of is that in the past, there was a problem relating to invalid UTF-8 in HTTP responses , but it only manifested itself by causing errors in the RPC transport used internally by Let’s Encrypt. It never affected client-facing responses and was subsequently fixed.
Do you have some code that reproduces the decoding issue?
1 Like
jelmd
March 14, 2019, 8:53am
5
Ah ok, found the problem: when printing to the pipe escapes got interpreted by print :(. Sorry for the noise
1 Like
system
Closed
April 13, 2019, 8:53am
6
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.