Issue with invalid Key Authorization

Hi there,

I've got a question regarding the computation of the key authorization as it seems like I'm missing something.

My function currently looks like this for HTTP-01:

TOKEN.BASE64URL(SHA256(JSON(SORT(JWK(Account's Public Key)))))

For DNS-01, I also hash the result of the function above with SHA256 again.

JWK, Challenge, and my computed Key Authorization
{"e":"AQAB","kty":"RSA","n":"0lppVXqPY1qq450eBDjlMAgbge-gIer8o5LKgeUx6aC0D7iSB9WUovRfQhnaF5wQkP1mZibyJAnRPoLlBXX9AavhAMxdeadbm7pOv8zjC6GFHBpx89DkvXW0SHfmDsnoDxNB6MIELPkAxVE7jRkGhBd6UchpA52ot1s8RC6BP2_w6ED6rzbNQlPSX3b1l5EShZmUKe2zFX50y6gzVVChouqho6b47D8Qu_6PMm_Tu7KdC7W2qMlJW8nwMxxV33YTVyIgAsR_YL8fFAPn56kxwHpS4C-rpt2vuKZKBzGVmtCtVqgUnZ9vG7z4FFVqN9ZbH95bYw1gFrIJRCFpf572gw"}

sAXdpE1TIxtm19JvwGnyce--vZl7qaqRGoEVwD1Kp30

sAXdpE1TIxtm19JvwGnyce--vZl7qaqRGoEVwD1Kp30.QjRlYVQ1L2ZuSTdLNEtNMGNxZW5OU2MvQ3JENzBhT2pyMGN2a1p2aEt3dz0

A snippet from my JS code
let thumbprint = sort(jrs.KEYUTIL.getJWKFromKey(accountKeypair.pubKeyObj));
thumbprint = JSON.stringify(thumbprint);
thumbprint = crypto.createHash('sha256').update(thumbprint).digest('base64');
thumbprint = base64url(thumbprint);
let keyAuthorization = `${challenge.token}.${thumbprint}`;

I verified that the functions are working as intended by trying the example from the RFC. So I'm wondering what I missed.

Hope someone has any idea how I might fix this. Sorry for bothering you :sweat_smile:

And which error are you getting from Boulder?

Welcome to the Let's Encrypt Community, Tom :slightly_smiling_face:

See my code sample here:
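
Added example, not code from any poster in this thread and not the sample linked above: a Node.js version of the RFC 7638 thumbprint and the RFC 8555 key authorization, plus a check showing that the thumbprint half of the posted key authorization decodes to a padded standard-base64 string, which is what results when `digest('base64')` output is passed through `base64url()` a second time. The function names (`b64url`, `jwkThumbprint`, `keyAuthorization`, `dns01TxtValue`, `unwrapDoubleEncoding`) are assumptions made for this example.

```javascript
const crypto = require('crypto');

// base64url without padding, applied to raw bytes (a Buffer), never to a
// string that is already base64.
function b64url(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// RFC 7638: hash only the required members, in lexicographic order, no whitespace.
function jwkThumbprint(jwk) {
  const required = { RSA: ['e', 'kty', 'n'], EC: ['crv', 'kty', 'x', 'y'] }[jwk.kty];
  if (!required) throw new Error(`unsupported kty: ${jwk.kty}`);
  const canonical = '{' + required.map((k) => {
    if (typeof jwk[k] !== 'string') throw new Error(`missing JWK member: ${k}`);
    return `${JSON.stringify(k)}:${JSON.stringify(jwk[k])}`;
  }).join(',') + '}';
  // digest() with no argument returns raw bytes, so they are encoded exactly once.
  return b64url(crypto.createHash('sha256').update(canonical, 'utf8').digest());
}

// RFC 8555: HTTP-01 serves token "." thumbprint as-is.
function keyAuthorization(token, jwk) {
  return `${token}.${jwkThumbprint(jwk)}`;
}

// RFC 8555: DNS-01 publishes base64url(SHA-256(keyAuthorization)) in the TXT record.
function dns01TxtValue(keyAuth) {
  return b64url(crypto.createHash('sha256').update(keyAuth, 'utf8').digest());
}

// Diagnostic: if a "thumbprint" decodes to the padded standard base64 of a
// 32-byte digest, it was encoded twice. Returns the single-encoded form, else null.
function unwrapDoubleEncoding(value) {
  const std = value.replace(/-/g, '+').replace(/_/g, '/');
  const inner = Buffer.from(std, 'base64').toString('latin1');
  if (!/^[A-Za-z0-9+/]{43}=$/.test(inner)) return null;
  return b64url(Buffer.from(inner, 'base64'));
}

// Thumbprint half of the key authorization quoted in the first post.
const posted = 'QjRlYVQ1L2ZuSTdLNEtNMGNxZW5OU2MvQ3JENzBhT2pyMGN2a1p2aEt3dz0';
console.log('single-encoded form of posted value:', unwrapDoubleEncoding(posted));
```

A valid SHA-256 thumbprint is always 43 base64url characters; the posted one is 59, which is a quick length check worth adding to any ACME client's tests.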
