Unable to unmarshal NewOrder request body

Hey there,
I'm just trying to update my LE client to an ACME v2 compatible version (using https://github.com/analogic/lescript as the base for my script).
Unfortunately, I'm always getting this error: Unable to unmarshal NewOrder request body

2019-10-01 11:27:55 [info] Getting list of URLs for API
2019-10-01 11:27:56 [info] Requesting new nonce for client communication
2019-10-01 11:27:56 [info] Account already registered. Continuing.
2019-10-01 11:27:56 [info] Sending registration to letsencrypt server
2019-10-01 11:27:56 [info] Sending signed request to https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
2019-10-01 11:27:57 [info] Account: https://acme-staging-v02.api.letsencrypt.org/acme/acct/ACCID
2019-10-01 11:27:57 [info] Starting certificate generation process for domains
2019-10-01 11:27:57 [info] Requesting challenge for somedomains.com
2019-10-01 11:27:57 [info] Sending signed request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order
2019-10-01 11:27:58 [error] 400
{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to unmarshal NewOrder request body",
  "status": 400
}

Is there someone here who could help me find the problem? :wink:

thx, bye from Austria
Andreas

The error means that your client sent an invalid JSON payload.

You could further debug this by printing the contents of $data in https://github.com/analogic/lescript/blob/71cce93df747923d699344927ec04c3555ad8184/Lescript.php#L414 .

Hey @_az,
thx for your fast answer! :slight_smile:

Array
(
    [protected] => eyJhbGciOiJSUzI1NiIsIm5vbmNlIjoiMDAwMktRand0MmtJQy01WXNrc05pekRkTm1wSi1nX0NELVNzUGp0Z05fYzAwQ2ciLCJ1cmwiOiJodHRwczpcL1wvYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnXC9hY21lXC9uZXctb3JkZXIiLCJraWQiOiJodHRwczpcL1wvYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnXC9hY21lXC9hY2N0XC8xMTIzNzM5MiJ9
    [payload] => eyJpZGVudGlmaWVycyI6eyIwIjp7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImZ1dHVyZXdlYi5hdC5pbi5mdXR1cmVjbXMuYXQifSwiMTAiOnsidHlwZSI6ImRucyIsInZhbHVlIjoid3d3LmZ1dHVyZXdlYi5hdC5pbi5mdXR1cmVjbXMuYXQifSwiMTEiOnsidHlwZSI6ImRucyIsInZhbHVlIjoiZnV0dXJld2ViLmF0LmV4LmZ1dHVyZWNtcy5hdCJ9LCIxMiI6eyJ0eXBlIjoiZG5zIiwidmFsdWUiOiJ3d3cuZnV0dXJld2ViLmF0LmV4LmZ1dHVyZWNtcy5hdCJ9LCIxMyI6eyJ0eXBlIjoiZG5zIiwidmFsdWUiOiJmdXR1cmV3ZWIuYXQuZXgub3J0c2luZm8uYXQifSwiMTQiOnsidHlwZSI6ImRucyIsInZhbHVlIjoid3d3LmZ1dHVyZXdlYi5hdC5leC5vcnRzaW5mby5hdCJ9LCIxNSI6eyJ0eXBlIjoiZG5zIiwidmFsdWUiOiJmdXR1cmV3ZWIuYXQuZGV2LmZ1dHVyZWNtcy5hdCJ9LCIxNiI6eyJ0eXBlIjoiZG5zIiwidmFsdWUiOiJ3d3cuZnV0dXJld2ViLmF0LmRldi5mdXR1cmVjbXMuYXQifX19
    [signature] => XqqY1D1vb5I1IzU13sF_dvLdvuIMnms0vCv3J6Id-6qh5sMfOI80wPu7t2PvA4x1_YwfbKRJV2Q1M266ag2xvCs70du15VTcoUhown5ywaocQ8rrsiYTi5zMFOsf-THXkakEcFwWRwJOx7rEakZv5gVVOEjyYHOcCr6qwMM5gq3asMvx-dBhzm6z0qQrF5QWy0qtFPIfMeRYG-rTHC3gU0mCvL9PqbdyVrczdYtTIDAEqwZXpp0g36JG_2tvQ-7IvW8r8C89E7MDyqwttL83rv3rkMvgEir4aFJIiW1DqpkYM63k_E-8U8AzM82aG-Oo3N3h18vUFhcqhehATIWIT6D2I8orjSOpI6bAw0H9RUUVn8XOVoUeUTDJX2pXR4jz-EkKHRQ0sPQ_HIUb2APw4UX_7jz7UsFXzdmoR-ItpX8dHxGBEXT7nGEuVMtBHWa4cPbVU4iWOXQxJ1FKglwRtg0ikdxL7d_zvKbmU44ek6fRNkE0yqdeD-UUuU7-Wcg73sfwEpX2EzOxJRbh_wbX1wdbCCj1uRcZ00GwUNqs1TU1ogRZQPhV9MiCd1kAjFZbifDGBb_8wIEn_CZv6VoY9iz4xCkYODxjq8Fs038gVorAZL79YpzTSOF-573oGEibk9rZy5T0lr6vV-WyYm6zbWFzb9vAjLvxmD1FTNkV1uE
)  

Not quite sure what the problem could be here … hmm …?

If you decode the JWS payload you can see that it is malformed per RFC 8555 (I pretty printed the JSON for readability):

{
  "identifiers": {
    "0": {
      "type": "dns",
      "value": "futureweb.at.in.futurecms.at"
    },
    "10": {
      "type": "dns",
      "value": "www.futureweb.at.in.futurecms.at"
    },
    "11": {
      "type": "dns",
      "value": "futureweb.at.ex.futurecms.at"
    },
    "12": {
      "type": "dns",
      "value": "www.futureweb.at.ex.futurecms.at"
    },
    "13": {
      "type": "dns",
      "value": "futureweb.at.ex.ortsinfo.at"
    },
    "14": {
      "type": "dns",
      "value": "www.futureweb.at.ex.ortsinfo.at"
    },
    "15": {
      "type": "dns",
      "value": "futureweb.at.dev.futurecms.at"
    },
    "16": {
      "type": "dns",
      "value": "www.futureweb.at.dev.futurecms.at"
    }
  }
}

The "identifiers" key should be an array of identifiers, not an object of identifiers, e.g. something like:

{
  "identifiers": [
    {
      "type": "dns",
      "value": "futureweb.at.in.futurecms.at"
    },
    {
      "type": "dns",
      "value": "www.futureweb.at.in.futurecms.at"
    },
    {
      "type": "dns",
      "value": "futureweb.at.ex.futurecms.at"
    },
    {
      "type": "dns",
      "value": "www.futureweb.at.ex.futurecms.at"
    },
    {
      "type": "dns",
      "value": "futureweb.at.ex.ortsinfo.at"
    },
    {
      "type": "dns",
      "value": "www.futureweb.at.ex.ortsinfo.at"
    },
    {
      "type": "dns",
      "value": "futureweb.at.dev.futurecms.at"
    },
    {
      "type": "dns",
      "value": "www.futureweb.at.dev.futurecms.at"
    }
  ]
}

Hope that helps!
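The object-versus-array difference described above, as an added example in PHP (the language of Lescript.php); it is not part of the original post or of lescript. It assumes the gapped keys (0, 10, 11, …) come from a PHP array whose integer keys are not sequential from 0, which json_encode() serialises as a JSON object; the helper names and domains are made up for the illustration.

```php
<?php
// Added illustration; sample domains are constructed, helper names are hypothetical.

function b64url(string $s): string
{
    // Unpadded base64url, as JWS requires (RFC 7515).
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function newOrderPayload(array $domains, bool $reindex): string
{
    // array_map() over a single array preserves that array's keys.
    $ids = array_map(fn($d) => ['type' => 'dns', 'value' => $d], $domains);
    if ($reindex) {
        $ids = array_values($ids); // keys become 0..n-1, so json_encode() emits [...]
    }
    return b64url(json_encode(['identifiers' => $ids]));
}

function checkNewOrderPayload(string $payloadB64): string
{
    // Restore the padding that JWS strips, then decode strictly.
    $b64 = strtr($payloadB64, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $raw = base64_decode($b64, true);
    if ($raw === false) {
        return 'payload is not valid base64url';
    }
    $obj = json_decode($raw); // JSON object -> stdClass, JSON array -> PHP array
    if (!is_object($obj) || !isset($obj->identifiers)) {
        return 'no "identifiers" member';
    }
    if (!is_array($obj->identifiers)) {
        return '"identifiers" is a JSON object, not an array';
    }
    foreach ($obj->identifiers as $id) {
        if (!is_object($id) || !isset($id->type, $id->value)) {
            return 'identifier lacks type/value';
        }
    }
    return 'ok';
}

// array_unique() drops the duplicate but keeps the original keys (0 and 2 here).
$domains = array_unique(['a.example', 'a.example', 'www.a.example']);

echo checkNewOrderPayload(newOrderPayload($domains, false)), "\n"; // gapped keys
echo checkNewOrderPayload(newOrderPayload($domains, true)), "\n";  // re-indexed
```

Running the check on the `payload` value before signing catches the malformed body locally instead of waiting for the server's 400.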

Can you indicate what part of RFC 8555 you're referencing here? I'm not sure I understand. New Order isn't optional per my own understanding.

aaarrrrggghhhhh … blind me … thank you … as so often! :wink:

As for NewOrder - please forget it … I mixed up a few things … (I had notBefore in my head, not NewOrder … no comment :wink: )

No problem :slight_smile: We've all been there!

A small change and everything is working like it should … thx again for pointing me in the right direction … I guess I would have searched for another few hours without you … :grimacing:
