Hi, I am trying to get a certificate using the tls-alpn-01 challenge against acme://letsencrypt.org/staging.
My domain is: enpasos.com
I am using acme4j to trigger the process and generate the TLS server certificate as the challenge response. An example of the certificate
From the Wireshark trace, the TLS handshake initiated by letsencrypt to retrieve the challenge response certificate runs through and serves the certificate.
However, the letsencrypt server is somewhat not happy and responds to me with responses like:
{
  "type": "tls-alpn-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge",
    "status": 403
  },
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/169091067/OfgCaw",
  "token": "A8b8y7rKuoX24pzXyr_WKK4Rc0YdRXS3PT3g3pwvJRU",
  "validationRecord": [
    {
      "hostname": "enpasos.com",
      "port": "443",
      "addressesResolved": [
        "93.90.193.219"
      ],
      "addressUsed": "93.90.193.219"
    }
  ]
}
Any idea what is wrong and how to fix it?
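
An added diagnostic, not part of the original post and not acme4j or Let's Encrypt code: a Go probe that offers only `acme-tls/1` in the TLS handshake, the protocol named in the error detail, and reports what the server selected. `negotiated`, `localResponder` and the host name `example.test` are names assumed for this example; the loopback responder is constructed so the probe runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

const acmeALPN = "acme-tls/1" // protocol name quoted in the error detail

// negotiated offers only acme-tls/1 to addr and returns what the server selected.
func negotiated(addr, serverName string) (string, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{ServerName: serverName,
		NextProtos: []string{acmeALPN}, InsecureSkipVerify: true}) // challenge cert is self-signed
	if err != nil {
		return "", err
	}
	defer conn.Close()
	return conn.ConnectionState().NegotiatedProtocol, nil
}

// localResponder starts a constructed loopback TLS server advertising protos.
func localResponder(host string, protos []string) (string, func() error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, NextProtos: protos})
	if err != nil {
		panic(err)
	}
	go func() {
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake() // finish the handshake, then hang up
			c.Close()
		}
	}()
	return ln.Addr().String(), ln.Close
}

func main() {
	addr, _ := localResponder("example.test", []string{"h2", "http/1.1"}) // constructed misconfiguration
	fmt.Println(negotiated(addr, "example.test"))
}
```

An empty result or a handshake error means the server did not select `acme-tls/1`. To check a real responder, call `negotiated` with its `host:443` address and the domain as `serverName`.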