New with Acme4J and having problems with Challenge

Help with this. I was assigned this task and it's my first time working with ACME4J. The report says that the jks file isn't being generated, but this is a process that happens after the validation against the Acme server. But the challenge is failing saying that the tokens don't match, but until the update execution, the token is the same as the one expected by the server.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: editdb.rwscheckout.com

I ran this command:

challenge.trigger();

// attempt to pass the test 6 times (we only wanna spend about 30 secs total for
// each account)
for ( int i = 0; i < 6; i++ )
{
    challenge.update();
    // If the status is invalid, something went wrong, so it should be investigated
    if ( challenge.getStatus() == Status.VALID || challenge.getStatus() == Status.INVALID )
        break;
    Thread.sleep(5_000);
}

if ( challenge.getStatus() == Status.VALID )
{
    ACME_LETS_ENCRYPT_STREAM.println(prefix + "challenge passed for account: " + 
            domain);
    return true;
}
else
{
    return false;
}

It produced this output:
json response: The key authorization file from the server did not match this challenge. Expected "D-EZIRAQejzL7GWS7IPR8d1Lc8c85Hs7MKTcEqz8grI.cWGMCIOzT7u8CnLd213wJQv_nSa9TZqPskPj3skx5BQ" (got "ksYprfcSgvybAGcksLu0IYKr4RN5v66v9VS3DJQvWTw.cWGMCIOzT7u8CnLd213wJQv_nSa9TZqPskPj3skx5BQ")

My web server is (include version): Don't really know

The operating system my web server runs on is (include version): Don't know either

My hosting provider, if applicable, is: ?

I can login to a root shell on my machine (yes or no, or I don't know): No

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): ?

The problem seems to be somewhere before your code extract, when you create the http-01 challenge file. If I get the error message right, the server actually fetches the correct .well-known/acme-challenge file, but it has the wrong content (probably of a different challenge).

There is an example in the acme4j documentation about how to create a http-01 challenge: Example - acme4j.

3 Likes
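The two key authorizations in the error message above share the part after the dot (the account key thumbprint) and differ only in the token, which is what a file written for a different challenge looks like. The following is an added example, not code from the posts in this thread or from acme4j: the class Http01Preflight and its methods are hypothetical names, and Java 11 or later is assumed. With acme4j, the expected value would come from Http01Challenge.getAuthorization().

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;

// Hypothetical helper class (not part of acme4j). Requires Java 11+.
class Http01Preflight {
    enum Result { MATCH, STALE_TOKEN, DIFFERENT_ACCOUNT_KEY, MALFORMED }

    // A key authorization is "<token>.<account key thumbprint>" (RFC 8555, section 8.1).
    static Result compare(String expected, String served) {
        String e = expected.trim(), s = served.trim();
        if (e.equals(s)) return Result.MATCH;
        int ed = e.indexOf('.'), sd = s.indexOf('.');
        if (ed < 0 || sd < 0) return Result.MALFORMED;
        // Same thumbprint but another token: the served file was written for a
        // different challenge of the same account, e.g. left over from an earlier order.
        boolean sameKey = e.substring(ed + 1).equals(s.substring(sd + 1));
        return sameKey ? Result.STALE_TOKEN : Result.DIFFERENT_ACCOUNT_KEY;
    }

    // Fetch the file as an http-01 validation does: plain HTTP, path derived from the token.
    static String fetch(String domain, String token) throws Exception {
        HttpClient client = HttpClient.newBuilder()
                .followRedirects(HttpClient.Redirect.NORMAL)
                .connectTimeout(Duration.ofSeconds(5)).build();
        HttpRequest req = HttpRequest.newBuilder(
                URI.create("http://" + domain + "/.well-known/acme-challenge/" + token))
                .timeout(Duration.ofSeconds(10)).GET().build();
        HttpResponse<String> resp = client.send(req, HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 200) throw new IllegalStateException("HTTP " + resp.statusCode());
        return resp.body();
    }

    public static void main(String[] args) throws Exception {
        // The two values quoted in the error message on this page.
        String expected = "D-EZIRAQejzL7GWS7IPR8d1Lc8c85Hs7MKTcEqz8grI.cWGMCIOzT7u8CnLd213wJQv_nSa9TZqPskPj3skx5BQ";
        String got = "ksYprfcSgvybAGcksLu0IYKr4RN5v66v9VS3DJQvWTw.cWGMCIOzT7u8CnLd213wJQv_nSa9TZqPskPj3skx5BQ";
        System.out.println("error message values: " + compare(expected, got));
        // Optional live check before challenge.trigger(): args = <domain> <expected key authorization>
        if (args.length == 2) {
            int dot = args[1].indexOf('.');
            if (dot < 0) throw new IllegalArgumentException("not a key authorization");
            String served = fetch(args[0], args[1].substring(0, dot));
            System.out.println("served file: " + compare(args[1], served));
        }
    }
}
```

Running the live check right after writing the challenge file and before calling challenge.trigger() surfaces a stale file locally instead of as an INVALID challenge from the server.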
