Trouble with keyAuthorization for DNS ("Provided key authorization was incorrect") [SOLVED]

@cpu I compared what I’ve been doing with certbot/acme/acme/jose … I think I might know what the problem is.

In the input I provided for the n parameter of RSA key:

AL7XV3uXI1jx_42Z0yteCszQ2amSL6sNr9_cXRcWuVHWsxfm8yRgrKEt-318-uB7VqjHRqYDmOnNCsLnnU1lBRYPDkShJQyzEgbjGnfR8PuoKyq614OsgAUYs2M4_Jo2A214aOwzxCuCfdpmcKRY9auF1q1dN8qzwU7KepAi3le_WegeOcZqyMoSeOlWqaTkGNiOw-0eh6eTd2q0RhH3yjD5pKQwuhcOaT9vCCXLCgN5nbqkj6aL_zPc7a-HajpdSNXmTEZwMhOEguSWI1tjby3RfOFUSDCCyBcPiZbuqwsJZKvT0sepEVJ1-97hsOKt0pdd3G8dowd-KowhpI6BW3jts8zpCv_6tWkx7sb4csZ52SWlKSBvQOoYj40EseAUE_DIRAaBLR3fhXjNgEfRSw1t6ORqI_zi7la7xx1wV444E9NYKKoKca53733_dtP0AkPwj2WohEmHiYH2zRKXaSekBxSlLJNkw4K9Wu1_BXC3XihLMzpBSPNXVYUTN9K3l_YYo9WTDDhgqThTKKxKC3mlw77v3Pfxud_Ri7jez2d0jNCbQR0q3M1WHGuPqthdCBxyqPTgfu5P_QHi7LxMT6hxfFGNBC4AC3zz_5e7tWLE4Sc9xYBtkZrx2puOST53dbsPh9KbvYE_DlB4Bc65dQkhw4QnZcnTVUxcK_-pVZNx

I use this urlbase64 encoding of the number n to calculate the thumbprint. What I assume your server is doing, and this is what https://github.com/certbot/certbot/blob/master/acme/acme/jose/jwk.py#L45 is doing, is that instead of using the provided urlbase64 encoding to calculate the thumbprint, it is parsed into a number, the leading zeros are removed, it is encoded into urlbase64 again, and the thumbprint is calculated from that.

When I removed the leading zeros, I ended up with the same thumbprint as https://github.com/certbot/certbot/blob/master/acme/acme/jose/jwk.py#L45.

Yup… just confirmed that’s the case. I was able to initiate the challenge check.

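The mismatch described in the post comes down to how the `n` member is encoded before hashing. The example below is added here and is not code from the original thread, from certbot, or from the ACME server; it implements the RFC 7638 JWK thumbprint (SHA-256 over the compact, key-sorted JSON of `e`, `kty`, `n`) and the RFC 7518 `Base64urlUInt` rule that the integer is encoded as its minimal big-endian octet string, with no leading zero octets. It then builds the ACME key authorization (`token.thumbprint`) and the DNS-01 TXT value (base64url of SHA-256 over the key authorization) as RFC 8555 specifies. The modulus `DEMO_N`, the token and the helper names are constructed for the demo and are not a real key.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url; restores the padding Python's decoder wants."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def uint_to_b64url(value: int) -> str:
    """RFC 7518 Base64urlUInt: minimal big-endian octets, no leading zero octets."""
    length = (value.bit_length() + 7) // 8 or 1
    return b64url(value.to_bytes(length, "big"))


def canonicalize_uint(field: str) -> str:
    """Re-encode a Base64urlUInt field so that leading zero octets are dropped.

    This is the normalisation the post observed: parse to an integer, then encode
    the integer again, rather than hashing the caller's string as supplied.
    """
    return uint_to_b64url(int.from_bytes(b64url_decode(field), "big"))


def rsa_thumbprint(n: str, e: str, canonicalize: bool = True) -> str:
    """RFC 7638 thumbprint of an RSA public JWK.

    Only the required members are hashed, in lexicographic order and with no
    whitespace: {"e":...,"kty":"RSA","n":...}.
    """
    if canonicalize:
        n, e = canonicalize_uint(n), canonicalize_uint(e)
    members = {"e": e, "kty": "RSA", "n": n}
    payload = json.dumps(members, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return b64url(hashlib.sha256(payload).digest())


def key_authorization(token: str, thumbprint: str) -> str:
    """ACME (RFC 8555) key authorization: token || '.' || JWK thumbprint."""
    return f"{token}.{thumbprint}"


def dns01_txt_value(key_auth: str) -> str:
    """DNS-01 TXT record value: base64url(SHA-256(key authorization))."""
    return b64url(hashlib.sha256(key_auth.encode("ascii")).digest())


# Constructed demo values (not a real key, not a real ACME token).
DEMO_N = 0xC0FFEE1234567890ABCDEF
DEMO_TOKEN = "constructed-token-value"
E_MIN = uint_to_b64url(65537)                      # the usual "AQAB"
N_MIN = uint_to_b64url(DEMO_N)
# Same modulus, but with a leading zero octet, mirroring the poster's original input.
N_PADDED = b64url(b"\x00" + DEMO_N.to_bytes((DEMO_N.bit_length() + 7) // 8, "big"))


def compare() -> dict:
    """Show that a padded n hashed as-is differs, and that canonicalising fixes it."""
    return {
        "padded_raw": rsa_thumbprint(N_PADDED, E_MIN, canonicalize=False),
        "padded_canonical": rsa_thumbprint(N_PADDED, E_MIN),
        "minimal": rsa_thumbprint(N_MIN, E_MIN),
    }


if __name__ == "__main__":
    result = compare()
    for name, value in result.items():
        print(f"{name:17s} {value}")
    txt = dns01_txt_value(key_authorization(DEMO_TOKEN, result["minimal"]))
    print("DNS-01 TXT value:", txt)
```

The check a client should make before publishing the TXT record is that `canonicalize_uint(n)` equals the `n` it actually sends in the JWK; if the two differ, the server will compute a thumbprint over a different string than the client did, and the key authorization will be rejected exactly as in the thread.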