Test certificate registration does not work at https://acme-staging-v02.api.letsencrypt.org/directory 405 Method not allowed

My domain is: ilya.cf

I run this command: h=ilya.cf && e=postmaster@$h && c=/tmp/certs-$h && mkdir -pm0700 $c && openssl ecparam -genkey -name prime256v1 -noout -out $c/$h.key && chmod 0600 $c/$h.key && openssl req -new -key $c/$h.key -out $c/$h.csr -subj "/CN=$h/emailAddress=$e" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubject AltName=DNS:$h,DNS:*.$h")) && le -s $c/$h.csr --dns --test > $c/$h.crt

It produced this output:

HTTP/2 405
server: nginx
date: Wed, 24 Aug 2022 08:21:55 GMT
content-type: application/problem+json
content-length: 103
cache-control: public, max-age=0, no-cache
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"

"type": "urn:ietf:params:acme:error:malformed",
"detail": "Method not allowed",
"status": 405

"le" is my fork of dehydrated 0.6.5, the differences and changes are not significant.

Without the --test parameter, I sign the certificate perfectly using the dns-01 method.
The --test parameter switches the URL from CA to CA_TEST and does nothing else!


This used to work fine and I was registering both test certificates and valid certificates.

Now I can only register valid ones, and when I try to register a test certificate I get a message with a 405 response code. Why?

What is le exactly? Mayhaps it's out of date.

Edit: should've read your post more closely…

dehydrated 0.6.5 was released almost 3 years ago, pretty sure there have been some api changes since then. Though I don't think there were any breaking changes in the last three months or so.


Please read it again carefully.
This, not official, outdated. modified by me script, works fine with URL https://acme-v02.api.letsencrypt.org/directory and gives an error with URL https://acme-staging-v02.api.letsencrypt.org/directory
At the same time, at least a year ago, the same script worked fine with both URLs.

If you need, I can attach the script code.

Normally that request is a POST. The message indicates a GET was used and received a 405 Method Not Allowed error.

The production system (for now) is more tolerant of these. But, the LE script you use should be updated for current protocol.

See this similar thread. It starts as a DNS issue but also has same GET / POST issue


Thank you, now I see what's going on.

curl -X GET https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3428731844
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Method not allowed",
  "status": 405
curl -X POST https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3428731844
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "missing Content-Length header",
  "status": 411

Can you tell me how I need to modify the query by separating the URL from the data and what are the data names?

curl -X POST -d '?=acme&?=authz-v3&?=3428731844' POST https://acme-staging-v02.api.letsencrypt.org

General programming advice is found many places on the internet. StackOverflow is good or even the curl manual.

My suggestion is to spend effort converting to an ACME client that is well supported. Something like certbot or acme.sh or another from this list by Let's Encrypt.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.