Manual, line break at end of HTTP response causing mis-match?


#1

Using:

./letsencrypt-auto -a manual certonly -d bangstickgames.com --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory

I receive the UI notice of published IP and the instructions for placing the verification file/data, then I receive “Incomplete authorizations”

LE log output indicates the HTTP server response includes a line break at the end of the verification data:

2015-11-14 07:38:43,037:DEBUG:acme.challenges:Key authorization from response (u'UIeprZsR1bpfAy6OqgpZNbfS90oWfvMKsIZipXoth9Q.xF_Q2kSDl53stfsR0yXDAM8RrFY80uS1kl0Q83HxUmA') doesn't match HTTP response (u'UIeprZsR1bpfAy6OqgpZNbfS90oWfvMKsIZipXoth9Q.xF_Q2kSDl53stfsR0yXDAM8RrFY80uS1kl0Q83HxUmA\n')

The verification file does not include a line break at the end of the data. I’ve verified apache is not sending a line break by opening the verification file in a browser - no line break. I’m not sure this is the cause of the auth failure - but certainly the mis-match listed there is the line break. Not sure what’s causing the line break to appear in the HTTP response.

Full LE log:

2015-11-14 07:38:17,462:DEBUG:letsencrypt.cli:Root logging level set at 30
2015-11-14 07:38:17,462:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2015-11-14 07:38:17,462:DEBUG:letsencrypt.cli:letsencrypt version: 0.0.0.dev20151108
2015-11-14 07:38:17,462:DEBUG:letsencrypt.cli:Arguments: ['-a', 'manual', '-d', 'bangstickgames.com', '--agree-dev-preview', '--server', 'https://acme-v01.api.letsencrypt.org/directory']
2015-11-14 07:38:17,462:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2015-11-14 07:38:17,478:DEBUG:letsencrypt.cli:Requested authenticator manual and installer None
2015-11-14 07:38:17,483:DEBUG:letsencrypt.display.ops:Single candidate plugin: * manual
Description: Manually configure an HTTP server
Interfaces: IAuthenticator, IPlugin
Entry point: manual = letsencrypt.plugins.manual:Authenticator
Initialized: <letsencrypt.plugins.manual.Authenticator object at 0x2c916d0>
Prep: True
2015-11-14 07:38:17,484:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.manual.Authenticator object at 0x2c916d0> and installer None
2015-11-14 07:38:17,505:DEBUG:letsencrypt.cli:Picked account: <Account(7364623fd4b8ff0b99c824f96a7ee777)>
2015-11-14 07:38:17,505:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2015-11-14 07:38:17,510:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-14 07:38:17,922:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 263
2015-11-14 07:38:17,928:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '263', 'Expires': 'Sat, 14 Nov 2015 07:38:17 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 14 Nov 2015 07:38:17 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*', 'Replay-Nonce': '-gxyjOxBlQuE1O5wqYhwGvF-7aUxY7vFgrdYpCvMz34'}. Content: '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2015-11-14 07:38:17,930:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '263', 'Expires': 'Sat, 14 Nov 2015 07:38:17 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 14 Nov 2015 07:38:17 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*', 'Replay-Nonce': '-gxyjOxBlQuE1O5wqYhwGvF-7aUxY7vFgrdYpCvMz34'}): '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2015-11-14 07:38:18,019:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0009_key-letsencrypt.pem
2015-11-14 07:38:18,022:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0009_csr-letsencrypt.pem
2015-11-14 07:38:18,022:DEBUG:letsencrypt.client:CSR: CSR(file='/etc/letsencrypt/csr/0009_csr-letsencrypt.pem', data='0\x82\x02\x910\x82\x01y\x02\x000\x1d1\x1b0\x19\x06\x03U\x04\x03\x0c\x12bangstickgames.com0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xc7s\xe3\x17R\x1c\xb7|oe\x8c\xd1\x86y\xe9QHJ\xbe\xed\xb2\x04T8U\x87\x04\n_2KV@\xbb\xc7\xb9\xf3\xb6\xde\x9df\x9b\xd9\x801\x162h\xc3b\xeb\x1a!\x99\xe2\xaa}\xc6\xfd\xef\r\x81x\x12\xb0\x88Z7\x07\xaa\xe9&\x1c\xcc\x1dgi(\xb1\x8e\xa2q<\xa42\xea\x14\r\xd9a\xaa\xae\xd2\xbc\xb2\xeb&\xd0\x81y\xaeu\xc6\xf5g\x0cS\xad`\x82_\xcf\'\xca\xcf\xbe\xd3=5\x7f\xf61\xdfTg\x13\xf8\x0ft\xb3zC"\x8a\x9e\x14\xb9\xf4\x0b\x99\xe4n\xa1\xc7\x94\xf1\xb2\x99"n\x99\xcb\x05}\xfb:\x88\xb8\x1a.\\h\xdb=:9h9d=\x0c\x84\xbb`\xaf\xd0\xf3\rr]\xeaM|\xc2\xdd\xab\xb5\xc3\xd3\xc8\t\xed(I<x\xd3\xd5\xa3\xa5\xc3)\'\xafx\xb2\xda\xd0:\x89P6J\xb8Ks\x8b\x90\xba\xca\xf7#t\xaf\xc7\xef\x84\xe3\xe5\x0b\x83\x9fSx\xe0\\R\xa2Tk\x05g\xd5_\x85*\xdd\x9c\x19\x05\x82}S}\xe6\xf1\x02\x03\x01\x00\x01\xa000.\x06\t*\x86H\x86\xf7\r\x01\t\x0e1!0\x1f0\x1d\x06\x03U\x1d\x11\x04\x160\x14\x82\x12bangstickgames.com0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x1a\xf2\xb6\xf9\x95\xe5O5\xbe\xf6s\x0eX\xa7\x99\xdc \x9cn\xf9`\xbc\xe6\x89\x06\x17\xdf\x9f\xaarH\xe9km`d\xd9\xf8f\xda?n2 6=\xf8\x11\xe4o7\xe2\xdd\xfcE)L.\x98\xb84W\x0e\x19\x9a\xa2,\x11\xb0\xac0\xc8H\x8f\x0c$\xfc\x8a#\xbdRs<O\\\xaf\x88`\xddB\xfb\x0b\xb2\x12[N\xb2\xda\xa8v1\x92\xcf\x04\r\xd1\x85,\xc6\x1d86|\xd0\xcbx78\x8b\x97\xa8\xcf\xe2\xb9\xd6$\x98\xc9\\0\xafT\x85\x19\xb2\xdb\xdan\x07\x18\x1f\xb6\xe7\xf4\xdfn\x1a\x87\x1a#v\xbe\\\x8e\x8dY\xe02\xeb\x17M\x04\xb5\x0b\xbc \xbd\xa0\xbd\x7f\x94\x93\xdb\xf6\xb4\x12\xc9=\xd1\x01,\xdc~0\xab\x06\xaf\xf3\x7f"R\xa9\xc1`\xcez\xed\xc4\xcf^[\x184\x9b\xe7\x82}\xc5]\xd8\x82&\xd7L\xc6\xdd\xf3\x141\'\xdc#\x12\xaeWB\x01ED\xf1\x14\x87\xb5>\n\xb1\x87\xc3\x07\x9c\x9c\xc1\xd9\x9e\xc5\'m\x81\xfd\x18y\xac|\x82\xa1p', form='der'), domains: ['bangstickgames.com']
2015-11-14 07:38:18,023:DEBUG:root:Requesting fresh nonce
2015-11-14 07:38:18,023:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2015-11-14 07:38:18,024:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-14 07:38:18,274:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2015-11-14 07:38:18,279:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '0', 'Pragma': 'no-cache', 'Expires': 'Sat, 14 Nov 2015 07:38:18 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 14 Nov 2015 07:38:18 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'CKMrOg01t0yPMbx-6CQ79Mjv-udVPv69QgjM_tb3ySA'}. Content: ''
2015-11-14 07:38:18,281:DEBUG:acme.client:Storing nonce: '\x08\xa3+:\r5\xb7L\x8f1\xbc~\xe8$;\xf4\xc8\xef\xfa\xe7U>\xfe\xbdB\x08\xcc\xfe\xd6\xf7\xc9 '
2015-11-14 07:38:18,282:DEBUG:acme.jose.json_util:Omitted empty fields: status=None, combinations=None, expires=None, challenges=None
2015-11-14 07:38:18,282:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "bangstickgames.com"}, "resource": "new-authz"}
2015-11-14 07:38:18,285:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), jwk=None, alg=None, kid=None, cty=None, x5t=None, x5tS256=None, x5u=None, jku=None, typ=None
2015-11-14 07:38:18,290:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), nonce=None, kid=None, cty=None, x5t=None, x5tS256=None, x5u=None, jku=None, typ=None
2015-11-14 07:38:18,290:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "pH9PetiFFs6PqkKcOEsrt1GIke4xTysgCAtm5y0SY7FQkeFS-2muWBvzaXqc7V3RjjaH111QZFeUoi0fY0KgEB6Fw0cZomTd5PFW4onLI74hbFqOeV2N5tU9y6Ok_9W93ry9ALXDrFvXghKXkoAt72fxEGEFzBqSvdnjsbr2T09moEmJWx2sdl-gJ-RcfAsA2UpVSs0EYFrYmFKGXc6woOP-Bw0sQ8L-lk-S-BSFSAvFAbE0YlDh2TFdbKi2FHuiaoUN7bNxH0FBrA051OdZ1ytOYJJEDX8gFzPnyEz3pOC56qr-oAeUIpl66E_pAXZ-52Jp4CLC-zzeiYPAg05Qpw"}}, "protected": "eyJub25jZSI6ICJDS01yT2cwMXQweVBNYngtNkNRNzlNanYtdWRWUHY2OVFnak1fdGIzeVNBIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJiYW5nc3RpY2tnYW1lcy5jb20ifSwgInJlc291cmNlIjogIm5ldy1hdXRoeiJ9", "signature": "oliWDEfRiW_nzazSmNnnARjpJbUfLRXNCUZqwXKZsdycM_9kxRFfiHHzlg4W_5Fi_fmfwFBFAYZeemrRdJpHKYISdgm-c7MwRiFNt_gsrT75zwdugsgwCG4dNcIQ1ppHR3T1ae27vFvYInEXUqPAJSA_4FqLQePDcetOM_npSQXKQdPX8hztjU1cBb_y4JK9ppvzKmN8CNdcZXRkyFVTWtI5LZy7ybVKPoMuczS2Nt0FVi2o15m8UIPUk3AmPv_y3qk5KetTT8rel7zSpbl04frcg9lWnE072KJzOxVYFypRvxw2vhqR8IHeeqKbZDrTArDSeyOjoY2dK5wQASp4cw"}'}
2015-11-14 07:38:18,291:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-14 07:38:18,599:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 995
2015-11-14 07:38:18,603:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '995', 'Expires': 'Sat, 14 Nov 2015 07:38:18 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/qitT7nfa6W_XSsRHNzmPA_I3IKkW6_UB7DhnTUuwQMY', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 14 Nov 2015 07:38:18 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*', 'Replay-Nonce': 'zmJ_6jPxOLUUFfQFRqmUYi1dgQ7hMkGbPVPm2BoJnPs'}. Content: '{"identifier":{"type":"dns","value":"bangstickgames.com"},"status":"pending","expires":"2015-11-21T07:38:18.510585137Z","challenges":[{"type":"simpleHttp","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/qitT7nfa6W_XSsRHNzmPA_I3IKkW6_UB7DhnTUuwQMY/293596","token":"KV--ct98aF1Shp5r4kXiMUbYphW3-CaQkyPFV5vORms","tls":true},{"type":"dvsni","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/qitT7nfa6W_XSsRHNzmPA_I3IKkW6_UB7DhnTUuwQMY/293597","token":"x8RnPm8-ygb0IXYgqZ7dzbTWSviWwN1bxeEY9KHGOhA"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/qitT7nfa6W_XSsRHNzmPA_I3IKkW6_UB7DhnTUuwQMY/293598","token":"UIeprZsR1bpfAy6OqgpZNbfS90oWfvMKsIZipXoth9Q"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/qitT7nfa6W_XSsRHNzmPA_I3IKkW6_UB7DhnTUuwQMY/293599","token":"F3ybMeMbLQmNhMY8JFhlqje1ylSBXFh3RMG72KcVdyw"}],"combinations":[[0],[1],[2],[3]]}'
2015-11-14 07:38:18,604:DEBUG:acme.client:Storing nonce: '\xceb\x7f\xea3\xf18\xb5\x14\x15\xf4\x05F\xa9\x94b-]\x81\x0e\xe12A\x9b=S\xe6\xd8\x1a\t\x9c\xfb'
2015-11-14 07:38:18,604:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '995', 'Expires': 'Sat, 14 Nov 2015 07:38:18 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/qitT7nfa6W_XSsRHNzmPA_I3IKkW6_UB7DhnTUuwQMY', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 14 Nov 2015 07:38:18 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*', 'Replay-Nonce': 'zmJ_6jPxOLUUFfQFRqmUYi1dgQ7hMkGbPVPm2BoJnPs'}): '{"identifier":{"type":"dns","value":"bangstickgames.com"},"status":"pending","expires":"2015-11-21T07:38:18.510585137Z","challenges":[{"type":"simpleHttp","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/qitT7nfa6W_XSsRHNzmPA_I3IKkW6_UB7DhnTUuwQMY/293596","token":"KV--ct98aF1Shp5r4kXiMUbYphW3-CaQkyPFV5vORms","tls":true},{"type":"dvsni","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/qitT7nfa6W_XSsRHNzmPA_I3IKkW6_UB7DhnTUuwQMY/293597","token":"x8RnPm8-ygb0IXYgqZ7dzbTWSviWwN1bxeEY9KHGOhA"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/qitT7nfa6W_XSsRHNzmPA_I3IKkW6_UB7DhnTUuwQMY/293598","token":"UIeprZsR1bpfAy6OqgpZNbfS90oWfvMKsIZipXoth9Q"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/qitT7nfa6W_XSsRHNzmPA_I3IKkW6_UB7DhnTUuwQMY/293599","token":"F3ybMeMbLQmNhMY8JFhlqje1ylSBXFh3RMG72KcVdyw"}],"combinations":[[0],[1],[2],[3]]}'
2015-11-14 07:38:18,605:DEBUG:acme.challenges:simpleHttp was not recognized, full message: {u'status': u'pending', u'tls': True, u'token': u'KV--ct98aF1Shp5r4kXiMUbYphW3-CaQkyPFV5vORms', u'type': u'simpleHttp', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/qitT7nfa6W_XSsRHNzmPA_I3IKkW6_UB7DhnTUuwQMY/293596'}
2015-11-14 07:38:18,606:DEBUG:acme.challenges:dvsni was not recognized, full message: {u'status': u'pending', u'token': u'x8RnPm8-ygb0IXYgqZ7dzbTWSviWwN1bxeEY9KHGOhA', u'type': u'dvsni', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/qitT7nfa6W_XSsRHNzmPA_I3IKkW6_UB7DhnTUuwQMY/293597'}
2015-11-14 07:38:18,607:INFO:letsencrypt.auth_handler:Performing the following challenges:
2015-11-14 07:38:18,607:INFO:letsencrypt.auth_handler:http-01 challenge for bangstickgames.com
2015-11-14 07:38:43,028:DEBUG:acme.challenges:Verifying http-01 at http://bangstickgames.com/.well-known/acme-challenge/UIeprZsR1bpfAy6OqgpZNbfS90oWfvMKsIZipXoth9Q...
2015-11-14 07:38:43,030:INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): bangstickgames.com
2015-11-14 07:38:43,035:DEBUG:requests.packages.urllib3.connectionpool:"GET /.well-known/acme-challenge/UIeprZsR1bpfAy6OqgpZNbfS90oWfvMKsIZipXoth9Q HTTP/1.1" 200 108
2015-11-14 07:38:43,037:DEBUG:acme.challenges:Received <Response [200]>: UIeprZsR1bpfAy6OqgpZNbfS90oWfvMKsIZipXoth9Q.xF_Q2kSDl53stfsR0yXDAM8RrFY80uS1kl0Q83HxUmA
. Headers: {'Content-Length': '108', 'Content-Encoding': 'gzip', 'Accept-Ranges': 'bytes', 'Vary': 'Accept-Encoding', 'Keep-Alive': 'timeout=5, max=100', 'Server': 'Apache/2.2.22 (Ubuntu)', 'Last-Modified': 'Sat, 14 Nov 2015 07:38:40 GMT', 'Connection': 'Keep-Alive', 'ETag': '"3503d-58-5247b43c34000"', 'Date': 'Sat, 14 Nov 2015 07:38:43 GMT', 'Content-Type': 'text/plain'}
2015-11-14 07:38:43,037:DEBUG:acme.challenges:Key authorization from response (u'UIeprZsR1bpfAy6OqgpZNbfS90oWfvMKsIZipXoth9Q.xF_Q2kSDl53stfsR0yXDAM8RrFY80uS1kl0Q83HxUmA') doesn't match HTTP response (u'UIeprZsR1bpfAy6OqgpZNbfS90oWfvMKsIZipXoth9Q.xF_Q2kSDl53stfsR0yXDAM8RrFY80uS1kl0Q83HxUmA\n')
2015-11-14 07:38:43,037:ERROR:letsencrypt.plugins.manual:Self-verify of challenge failed, authorization abandoned.
2015-11-14 07:38:43,067:INFO:letsencrypt.auth_handler:Waiting for verification...
2015-11-14 07:38:43,067:INFO:letsencrypt.auth_handler:Cleaning up challenges
2015-11-14 07:38:43,068:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1140, in main
    return args.func(args, config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 490, in obtaincert
    _auth_from_domains(le_client, config, domains, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 328, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 229, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 212, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 170, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 87, in get_authorizations
    self.verify_authzr_complete()
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 298, in verify_authzr_complete
    raise errors.AuthorizationError("Incomplete authorizations")
AuthorizationError: Incomplete authorizations

#2

Requesting the file does indeed reveal a trailing line break. Check the raw response in DevTools (or something similar) or verify via wget. I guess browsers automatically trim trailing line breaks.

Some text editors automatically append a trailing line break when saving a file, that might be the cause.


#3

Any idea how the line break is getting added? Not clear why apache2 is doing this.

I’m using vi to create the file - there’s no line break when I edit it.

edit:

it was vi

used :set binary and :set noeol to fix

thanks!


#4

Better just use the suggested echo -n ... > file, I’m not sure whether the -n is already suggested, but there’s at least an open issue for that on GitHub.

Maybe Boulder should just trim the payload.


#5

https://github.com/letsencrypt/letsencrypt/issues/1322
https://github.com/letsencrypt/boulder/pull/1142