Issues making certificates

dedady157 · March 22, 2019, 9:17pm

ok i’v looked into it, for some reason firefox doesn’t load the page at all. ill look into fixing that, maybe it will fix the other issue as well

and when i mean it doesnt load, it doesnt parse the responce as a http responce, it prints out the entire responce without parsing it

mnordhoff · March 22, 2019, 9:38pm

There’s a Unicode byte order mark before the data.

$ hd xqcLvoVuBoUMWLd9HWLNQuDR9Gs0y36i_LgVKfHu9tk | less
00000000  ef bb bf 48 54 54 50 2f  31 2e 31 20 34 30 34 20  |...HTTP/1.1 404 |
00000010  4e 6f 74 20 46 6f 75 6e  64 0d 0a 44 61 74 65 3a  |Not Found..Date:|
00000020  20 46 72 69 2c 20 32 32  20 4d 61 72 20 32 30 31  | Fri, 22 Mar 201|

Plus it doesn’t close the connection after it finished sending the response.

Edit: Maybe ignore the last sentence. It does send a Content-Length header, which the client ignores, because of the other issue.

dedady157 · March 22, 2019, 9:40pm

so its sending a header in unicode? wtf

mnordhoff · March 22, 2019, 9:43pm

By the way, the time zone in the Date header isn’t “GMT”.

Date: Fri, 22 Mar 2019 22:36:42 UTC+1

dedady157 · March 22, 2019, 9:44pm

ok ill fix that in a bit, you sure that the UTF-8 header isnt just comming from wget writting to the file?

mnordhoff · March 22, 2019, 9:46pm

wget doesn’t add BOMs for no reason.

dedady157 · March 22, 2019, 9:47pm

yea i’v set it up to where i serlize it and send it directly to the socket stream, the stupid ass StreamWriter thought it was writting to a file.

but the lets encrypt attempt still failed.

at least it load in firefox now

mnordhoff · March 22, 2019, 9:48pm

What error message did Let’s Encrypt have now?

dedady157 · March 22, 2019, 9:48pm

1 sec, i got to remove some code to allow me to debug the error

dedady157 · March 22, 2019, 9:51pm

ok i got a key type error, BUT IT FRIKING WORKS!

thank you so much man, i never NEVER would have thought it would add in an encoding header. and probably would of just given up. so thank you SO MUCH!!!

dedady157 · March 22, 2019, 9:53pm

now i got a new issue. ;-;

’ policy forbids issuing for: “exhibitionhttptestingserver”’ ’
is this just something with the staging server?

mnordhoff · March 22, 2019, 9:57pm

The production and staging rules should be about the same, AFAIK. What name did you actually try to get a certificate for? It has to be something syntactically valid and not blacklisted (e.g. a large bank). www.exhibapi.dynu.net would be good, localhost or paypal.com would not.

dedady157 · March 22, 2019, 9:58pm

Certes.AcmeRequestException: ‘Fail to load resource from ‘https://acme-v02.api.letsencrypt.org/acme/finalize/53819622/366715481’.
urn:ietf:params:acme:error:malformed: Error finalizing order :: policy forbids issuing for: “exhibitionhttptestingserver”’

this is the Csr Info:

dedady157 · March 22, 2019, 10:01pm

ok yea, i just relized my stupidity, the CN has to be the DNS name -_-

system · April 21, 2019, 10:01pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.