The client I use is: python acme==1.11.0 My account address is: https://acme-v02.api.letsencrypt.org/acme/acct/106396927 The order with the error is: https://acme-v02.api.letsencrypt.org/acme/order/106396927/8235322825 My order details are: { "body": { "identifiers": [{ "type": "dns", …

I seem to have found the reason I have two certificates with the same common_name and SAN.DNS. They both performed the acme_order operation within 10s. As a result, the API returned the same order number, which resulted in a certificate public key mismatch

If you care to share the CSR, maybe someone can figure out what is going on.

@rg305 it looks like it's in the csr_pem variable—let me extract it. :slight_smile:

The (supposed) CSR is included in the first code snippet. I would guess that there is some kind of bug in the finalization code of the ACME client. There aren't any certificates issued with the SPKI from the CSR. Anything's possible, but I find it exceptionally unlikely for Boulder to accidentally…

yeah -----BEGIN CERTIFICATE REQUEST----- MIIDTzCCAjcCAQAwgc4xJjAkBgNVBAMMHW1uMS1yZXBsYXkubGVpaHVvLm5ldGVh c2UuY29tMQswCQYDVQQGEwJDTjERMA8GA1UECAwIWmhlamlhbmcxETAPBgNVBAcM CEhhbmd6aG91MSwwKgYDVQQKDCNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD by4sIEx0ZDESMBAGA1UECwwJR2FtZSBEZXAuMS8wLQYJKoZIhvcNAQkBFiBncnA…

Are there any Let's Encrypt developers here? I need your help. I checked the database and found no CSR with the same public key as the certificate. I'm sure the CSR I submitted is that one.

The certificate public key returned by the API is not the same as the CSR public key I submitted

Client dev

rg305 March 4, 2021, 3:10am 5

I yes, I do see it now!

Topic		Replies	Views
Problems with my new perl ACME2 client Client dev	9	1532	April 20, 2020
Private key and CERT do not match after auto-renew Help	7	1807	July 26, 2021
Why is certificate failing to generate? Client dev	8	4637	December 12, 2017
Windows client crypt-le (le64.exe V0.38) could not finalize an order Help	3	763	June 7, 2022
Key dos not match with certificate Help	4	452	June 4, 2021

The certificate public key returned by the API is not the same as the CSR public key I submitted

Related topics