We are developing a java client , recently we upgraded from jre1.7 to 1.8.102 , from then when i send challenge verification request i receive “Unable to update challenge :: Provided key authorization was incorrect” error from lets encrypt server
Can you provide a little more detail please. The only time I’ve seen this before was when the urlbase64 creation of the jwk was incorrect for some reason.
I registered and account and sent a request from some example.com domain which is running
->got a http-01 challeng to verify domain , i placed the challenge file at domain
->then requested acme server to verify the challenge , then the acme server returns
{
“type”: “urn:acme:error:malformed”,
“detail”: “Unable to update challenge :: Provided key authorization was incorrect”,
“status”: 400
}
if i try the same source code in jre 1.7 it works fine and i got the certificate , but in jre1.8 i face above problem
If possible, try to compare the key authorization your client is calculating for the same challenge token and key when you run on 1.7 vs. 1.8. In a similar case, the problem was due to the client not removing leading zeros from the [n parameter of the] RSA account key before calculating the thumbprint. Maybe there’s a change in JRE 1.8 causing something similar.
i am using the following code to wrap the publickey json
MessageDigest md;
md = MessageDigest.getInstance(“SHA-256”);
md.update(text.getBytes(“UTF-8”), 0, text.length());
return md.digest();
i get different digest bytes in jre1.8 and jre 1.7 for the same account key
I’d probably compare the bytes you’re feeding MessageDigest
(i.e. text.getBytes
). I wouldn’t think the backwards-incompatible change causing this is in MessageDigest
, but rather in whatever code you’re using to generate text
. Perhaps this is related. (The code link seems to be broken, so I’m not sure what the actual change was).
i compared the bytes that i am feeding MessageDigest , they are same in both 1.7 and 1.8
but at the end the key authorization value is different in 1.7 and 1.8 with the same code
in jre 1.7.0_121 the authorization key is token.Wfm3y3rI9nXfxKFGTNi66leGwuWYfZBVKxb8mgAkCTY
in jre 1.8.0_111 the authorization key is token.3SK4pUFu4mw7jyVvk-cTX2tfkBpjrnEtdVh9dlB80u4
i am using the same account key in both the cases but i get different key authorization values, the one which is generated by jre 1.7.0_121 is accepted by acme server and the one generated by is throwing error
{
“type”: “urn:acme:error:malformed”,
“detail”: “Unable to update challenge :: Provided key authorization was incorrect”,
“status”: 400
}
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.