Malformed key thumbprint?


#1

Hello,

I tried to generate a certificate for a domain on my CentOS/Apache2/Plesk server using the following command:

./letsencrypt-auto certonly -a manual -d www.mydomain.de --server https://acme-v01.api.letsencrypt.org/directory --agree-dev-preview --rsa-key-size 4096

and was asked to have the web server display ‘the following content’ at http://www.mydomain.de/.well-known/acme-challenge/xxxx : yyyy . According to the instructions on how to generate this from the command line, I take it xxxx is a simple ASCII text file containing nothing but the text string yyyy ?
Still, I received the error message
urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: malformed key thumbprint … can anyone tell me the reason for this error? Can’t see what I might have done wrong.


#2

@rookey Take a look at this post. It is possible that your “problem” is related to a newline character in the challenge file.


#3

Thanks a lot, that was indeed the reason! No idea how this CRLF smuggled itself in without me noticing! :blush:


#4

I think it would be epic if ACME could just ignore all whitespace, so this wouldn't have to be asked anymore.


#5

I already sent a PR and it’s already merged, it’s just not deployed yet.


#6

Then it just has to be deployed. By the way, what characters are ignored? Just \n?


#7

Trailing spaces, newlines and tabs.

See https://github.com/letsencrypt/boulder/pull/1142/files#diff-2ff0ef2a0a5152608dd9c1ea1f66dda1R35


#8

You also should kill the \r or whatever it was, because in Windows and Mac \r or whatever it was is used as a part of the newline.


#9

Feel free to send a PR. :wink:


#10

Problem: I never coded Go (90%+ of my coding life was PHP, HTML and CSS), and I am not sure, and I certainly don't want to destroy the code.


#11

You just have to add the \r into the linked string. I didn’t code any Go before that PR either.
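
The failure and the fix discussed in posts #7 to #11, as an added example that is not part of the thread and is not Boulder's code. It assumes the challenge body has the form token.thumbprint with an unpadded base64url SHA-256 thumbprint; the function names, the cutset constant and the sample values are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// trailingCutset is an assumed cutset: the characters named in the thread
// (space, newline, tab) plus the carriage return suggested later.
const trailingCutset = "\n\r\t "

// checkKeyAuthorization validates the body served at the challenge URL.
// strict=true checks the body as served; strict=false trims trailing whitespace first.
func checkKeyAuthorization(body, token string, strict bool) error {
	if !strict {
		body = strings.TrimRight(body, trailingCutset)
	}
	parts := strings.Split(body, ".")
	if len(parts) != 2 || parts[0] != token {
		return errors.New("token mismatch or missing thumbprint")
	}
	// Go's base64 decoder silently skips \r and \n, so decoding alone would
	// accept a trailing CRLF; re-encoding and comparing catches it.
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || len(raw) != sha256.Size || base64.RawURLEncoding.EncodeToString(raw) != parts[1] {
		return errors.New("malformed key thumbprint")
	}
	return nil
}

// sampleKeyAuthorization returns a constructed token and key authorization.
func sampleKeyAuthorization() (string, string) {
	sum := sha256.Sum256([]byte("constructed account key"))
	token := "constructed-token"
	return token, token + "." + base64.RawURLEncoding.EncodeToString(sum[:])
}

func main() {
	token, keyAuth := sampleKeyAuthorization()
	for _, tail := range []string{"", "\n", "\r\n", " \t"} {
		fmt.Printf("tail=%-6q strict=%v lenient=%v\n", tail,
			checkKeyAuthorization(keyAuth+tail, token, true),
			checkKeyAuthorization(keyAuth+tail, token, false))
	}
}
```

Whichever way the server behaves, writing the challenge file without a trailing newline (for example with `printf '%s'` rather than `echo`) avoids the problem on the client side.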


#12

Well yeah, the edit button does not work.

The other repo where I am doing stuff with my friend, there the button works…