Java Let's Encrypt client problem with JRE 1.8


#1

We are developing a Java client. Recently we upgraded from JRE 1.7 to 1.8.102; since then, when I send a challenge verification request I receive an “Unable to update challenge :: Provided key authorization was incorrect” error from the Let's Encrypt server.


#2

Can you provide a little more detail please. The only time I’ve seen this before was when the urlbase64 creation of the jwk was incorrect for some reason.


#3

I registered an account and sent a request from some example.com domain which is running
-> got an http-01 challenge to verify the domain; I placed the challenge file at the domain
-> then requested the ACME server to verify the challenge; then the ACME server returns
{
  "type": "urn:acme:error:malformed",
  "detail": "Unable to update challenge :: Provided key authorization was incorrect",
  "status": 400
}

If I try the same source code in JRE 1.7 it works fine and I got the certificate, but in JRE 1.8 I face the above problem.


#4

If possible, try to compare the key authorization your client is calculating for the same challenge token and key when you run on 1.7 vs. 1.8. In a similar case, the problem was due to the client not removing leading zeros from the [n parameter of the] RSA account key before calculating the thumbprint. Maybe there’s a change in JRE 1.8 causing something similar.
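
The leading-zero issue raised in #4, shown as an added example that is not part of the thread or of any poster's client: it derives an http-01 key authorization from an RSA account key via the RFC 7638 JWK thumbprint, stripping the sign byte that `BigInteger.toByteArray()` prepends. The class name, method names and sample token are assumptions made for illustration, and `java.util.Base64` requires Java 8 or later.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;

public class KeyAuthorizationExample {

    // Unsigned big-endian bytes: BigInteger.toByteArray() prepends a 0x00
    // sign byte whenever the top bit of the value is set, and that byte
    // must not end up in the base64url-encoded JWK members.
    static byte[] unsigned(BigInteger v) {
        byte[] b = v.toByteArray();
        return (b.length > 1 && b[0] == 0) ? Arrays.copyOfRange(b, 1, b.length) : b;
    }

    static String b64url(byte[] data) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(data);
    }

    // RFC 7638 thumbprint: SHA-256 over a JWK holding only the required
    // members in lexicographic order (e, kty, n), with no whitespace.
    static String thumbprint(RSAPublicKey key) throws Exception {
        String jwk = "{\"e\":\"" + b64url(unsigned(key.getPublicExponent()))
                + "\",\"kty\":\"RSA\",\"n\":\"" + b64url(unsigned(key.getModulus())) + "\"}";
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(jwk.getBytes(StandardCharsets.UTF_8));
        return b64url(digest);
    }

    // Key authorization = challenge token, a dot, then the account key thumbprint.
    static String keyAuthorization(String token, RSAPublicKey key) throws Exception {
        return token + "." + thumbprint(key);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway key and a placeholder token.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPublicKey pub = (RSAPublicKey) gen.generateKeyPair().getPublic();
        System.out.println("modulus bytes with sign byte:    " + pub.getModulus().toByteArray().length);
        System.out.println("modulus bytes without sign byte: " + unsigned(pub.getModulus()).length);
        System.out.println(keyAuthorization("sample-token", pub));
    }
}
```

Running the same class on both JREs with a fixed account key and printing the intermediate `jwk` string is a direct way to see at which step two runtimes diverge.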


#5

I am using the following code to wrap the public key JSON:

// SHA-256 over the UTF-8 bytes of the public key JSON
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] input = text.getBytes("UTF-8");
md.update(input, 0, input.length); // length in bytes; text.length() counts chars
return md.digest();

I get different digest bytes in JRE 1.8 and JRE 1.7 for the same account key.


#6

I’d probably compare the bytes you’re feeding MessageDigest (i.e. text.getBytes). I wouldn’t think the backwards-incompatible change causing this is in MessageDigest, but rather in whatever code you’re using to generate text. Perhaps this is related. (The code link seems to be broken, so I’m not sure what the actual change was).


#7

I compared the bytes that I am feeding MessageDigest; they are the same in both 1.7 and 1.8,
but at the end the key authorization value is different in 1.7 and 1.8 with the same code.

In JRE 1.7.0_121 the authorization key is token.Wfm3y3rI9nXfxKFGTNi66leGwuWYfZBVKxb8mgAkCTY
In JRE 1.8.0_111 the authorization key is token.3SK4pUFu4mw7jyVvk-cTX2tfkBpjrnEtdVh9dlB80u4

I am using the same account key in both cases but I get different key authorization values. The one generated by JRE 1.7.0_121 is accepted by the ACME server and the one generated by JRE 1.8.0_111 is throwing the error
{
  "type": "urn:acme:error:malformed",
  "detail": "Unable to update challenge :: Provided key authorization was incorrect",
  "status": 400
}

