I invoke the /acme/order/xxxx/finalize API.
The request is:
protected: {
"alg": "ES256",
"kid": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/...",
"nonce": "0003dDiXOmkQnGE6QwzQqaxzZIauoqN7WmfKdrUllakbOsI",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/.../..."
}
payload: {
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICvzCCAacCAQAwejELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUJKIFN0cmVldDEQ\nMA4GA1UEBwwHQmVpamluZzESMBAGA1UECgwJUWluZ0Nsb3VkMRcwFQYDVQQLDA5E\nZXYgRGVwYXJ0bWVudDEYMBYGA1UEAwwPbGV0c2VuY3J5cHQudG9wMIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6snycLptLaARz3Dwq6jtToUd3jIa6wu\nEkg8b4kP62vba50qDvBDbvrOAZU8+4WZka3HFmyMNHANklFugJIC6FhSKpu23JLs\n9jO2tDJ2a8szpBrpFH355mSGr+Rw59HVQDJbyiq5LbjvuARWU9SMnXllFIvLZShU\nAXWjWCshvKWqJZ4M0l06SvCxxWXaDSqc7FLW2BjB8Y4FgehkH5g+yE9sawz6QqpL\n26TFYP4DfOsd91mtJjLJojEJ4lTfHRO/YVqLzgNdCNYil3/ib+uogci5CE6sVf2C\nAy/Y1zf1Gh1QAYd/KxH96L5XyrBWKkaGUjMH2dBr8M0eSIk6qCIgxwIDAQABoAAw\nDQYJKoZIhvcNAQELBQADggEBAD6G17rOy5qDM4W5hy1PDLmKEg/OQDrF9X0MclrN\ntDw1ecvI4qd/ZYdvWna4bQx0B+KLjsIEffQdr8K+fff6ARxf9SBpt3gzpYWsrNe3\n+TWAXkAfv4zu3lcGWWu4VmG/6/kn/Rf6rlweACnKRhpSB7ZmeDfHTlPJ6kdu5ets\n7KtVEkCD7fZjADVxMYeOMAuClF2bmsL7GCH6nz2ELqPKS8N3BNJW+HDQe3rBgeQs\nvnV8daG1KQ7N4XZ7+2ug3AAqcMKADBeAZq3Tneq7ZQCQNAxkXgqTaFauqNaYTUJg\nugbgMmvNNvCeKCOTB50szgd1JYtk47W6knf9awRyMh1pKLg=\n-----END CERTIFICATE REQUEST-----"
}
signature: 'xxxxx'
and get this response
======= header =========
{
'Content-Length': '126',
'Cache-Control': 'public, max-age=0, no-cache',
'Server': 'nginx',
'Connection': 'keep-alive',
'Link': '<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"',
'Boulder-Requester': '17092284',
'Date': 'Mon, 21 Dec 2020 08:06:29 GMT',
'Content-Type': 'application/problem+json',
'Replay-Nonce': '00047wzsrbO10bJC-6BnN_Wm3TdUUUumNWeNH5Fl06reoAk'
}
======== body =========
{
u'detail': u'Error unmarshaling finalize order request',
u'status': 400,
u'type': u'urn:ietf:params:acme:error:malformed'
}
The question is: what is the format or encoding type of the csr string parameter in the payload?
I have tried the DER format, but got the same error response.
rg305
December 21, 2020, 8:14am
2
Try it without the header, footer, and newlines:
"csr": "MIICvzCCAacCAQAwejELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUJKIFN0cmVldDEQ\nMA4GA1UEBwwHQmVpamluZzESMBAGA1UECgwJUWluZ0Nsb3VkMRcwFQYDVQQLDA5E\nZXYgRGVwYXJ0bWVudDEYMBYGA1UEAwwPbGV0c2VuY3J5cHQudG9wMIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6snycLptLaARz3Dwq6jtToUd3jIa6wu\nEkg8b4kP62vba50qDvBDbvrOAZU8+4WZka3HFmyMNHANklFugJIC6FhSKpu23JLs\n9jO2tDJ2a8szpBrpFH355mSGr+Rw59HVQDJbyiq5LbjvuARWU9SMnXllFIvLZShU\nAXWjWCshvKWqJZ4M0l06SvCxxWXaDSqc7FLW2BjB8Y4FgehkH5g+yE9sawz6QqpL\n26TFYP4DfOsd91mtJjLJojEJ4lTfHRO/YVqLzgNdCNYil3/ib+uogci5CE6sVf2C\nAy/Y1zf1Gh1QAYd/KxH96L5XyrBWKkaGUjMH2dBr8M0eSIk6qCIgxwIDAQABoAAw\nDQYJKoZIhvcNAQELBQADggEBAD6G17rOy5qDM4W5hy1PDLmKEg/OQDrF9X0MclrN\ntDw1ecvI4qd/ZYdvWna4bQx0B+KLjsIEffQdr8K+fff6ARxf9SBpt3gzpYWsrNe3\n+TWAXkAfv4zu3lcGWWu4VmG/6/kn/Rf6rlweACnKRhpSB7ZmeDfHTlPJ6kdu5ets\n7KtVEkCD7fZjADVxMYeOMAuClF2bmsL7GCH6nz2ELqPKS8N3BNJW+HDQe3rBgeQs\nvnV8daG1KQ7N4XZ7+2ug3AAqcMKADBeAZq3Tneq7ZQCQNAxkXgqTaFauqNaYTUJg\nugbgMmvNNvCeKCOTB50szgd1JYtk47W6knf9awRyMh1pKLg="}
But I saw the '\n' in your csr parameter
rg305
December 21, 2020, 8:18am
4
Where?
After the end quote?
Em... you can find it: '\n'
"csr": "MIICvzCCAacCAQAwejELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUJKIFN0cmVl
dDEQ\nMA4
GA1UEBwwHQmVpamluZzESMBAGA1UECgwJUWluZ0Nsb3VkMRcwFQYDVQQLDA
5E\nZXY
gRGVwYXJ0bWVudDEYMBYGA1UEAwwPbGV0c2VuY3J5cHQudG9wMIIBIjANB
gkq\nhkiG9w
0BAQEFAAOCAQ8AMIIBCgKCAQEAt6snycLptLaARz3Dwq6jtToUd3jIa
6wu\nEkg8b4kP
62vba50qDvBDbvrOAZU8+4WZka3HFmyMNHANklFugJIC6FhSKpu23
JLs\n9jO2tDJ2a8s
zpBrpFH355mSGr+Rw59HVQDJbyiq5LbjvuARWU9SMnXllFIv
LZShU\nAXWjW
CshvKWqJZ4M0l06SvCxxWXaDSqc7FLW2BjB8Y4FgehkH5g+yE9saw
z6QqpL\n26TFYP4
DfOsd91mtJjLJojEJ4lTfHRO/YVqLzgNdCNYil3/ib+uogci5CE6sVf2C\nAy/Y1zf1Gh1QAYd/KxH96L5XyrBWKkaGUjMH2dBr8M0eSIk6qCIgxwIDAQABoAAw\nDQYJKoZIhvcNAQELBQADggEBAD6G17rOy5qDM4W5hy1PDLmKEg/OQDrF9X0MclrN\ntDw1ecvI4qd/ZYdvWna4bQx0B+KLjsIEffQdr8K+fff6ARxf9SBpt3gzpYWsrNe3\n+TWAXkAfv4zu3lcGWWu4VmG/6/kn/Rf6rlweACnKRhpSB7ZmeDfHTlPJ6kdu5ets\n7KtVEkCD7fZjADVxMYeOMAuClF2bmsL7GCH6nz2ELqPKS8N3BNJW+HDQe3rBgeQs\nvnV8daG1KQ7N4XZ7+2ug3AAqcMKADBeAZq3Tneq7ZQCQNAxkXgqTaFauqNaYTUJg\nugbgMmvNNvCeKCOTB50szgd1JYtk47W6knf9awRyMh1pKLg="}
Did you see it?
The CSR field is the base64url(der) encoding without padding of the DER version (bytes) of your CSR, so the content is base64 encoded without any newlines or padding characters.
rg305
December 21, 2020, 8:22am
8
As far as I know, a DER file is encoded as binary content.
How do I remove the newline character in it?
```
csr_file = open('./CSR.csr.der', 'r')
csr_str = csr_file.read()
print csr_str
req_url = 'https://acme-staging-v02.api.letsencrypt.org/acme/finalize/xxx/xxx'
kid = 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/xxx'
resp_headers, resp_body = send_to_letsencrypt(
    url=req_url,
    protected_header=protected_header_,
    payload={
        'csr': csr_str
    },
    account_key_dict=key_dict,
    account_url=kid
)
pp(resp_headers)
pp(resp_body)
```
rg305
December 21, 2020, 8:26am
11
test_mail_new:
Did you see it ?
What you post here is altered.
Unless you use three backticks above and below your post.
```
your post
```
As shown, yes, there are spaces and returns:
Oh, did you see the '\n' before the yellow area?
rg305
December 21, 2020, 8:28am
13
test_mail_new:
csr_file.read()
Unless you show that function/procedure, there is no way to know.
DER is a binary (bytes) format and doesn't look like text. If your file looks like MIICvzCCAacCAQAwejELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUJKIFN0cmVldDEQ etc. then it's actually a PEM file (base64 encoded with padding characters). You need the same thing converted to bytes and then base64url encoded.
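Added example, not part of the original thread and not code from any poster or from Let's Encrypt: a Python 3 sketch of the conversion the two answers above describe (PEM or DER bytes in, unpadded base64url of the DER out), plus a check for the mistakes seen in the posted `csr` values. The function names and the 7-byte sample are constructed for illustration; the sample is a tiny DER SEQUENCE, not a real CSR.

```python
import base64
import binascii
import re

PEM_RE = re.compile(rb"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.+?)"
                    rb"-----END (?:NEW )?CERTIFICATE REQUEST-----", re.S)

# Constructed sample: a 7-byte DER SEQUENCE, not a real CSR, chosen so that its
# standard base64 form contains '/', '+' and '=' padding.
SAMPLE_DER = bytes.fromhex("30050403fbfebf")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE REQUEST-----\nMAUEA/v+\nvw==\n"
              b"-----END CERTIFICATE REQUEST-----\n")

def is_single_der_sequence(der):
    """True if der is exactly one SEQUENCE (tag 0x30) whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                          # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                          # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def csr_to_acme_field(raw):
    """Take CSR bytes (PEM or DER) and return unpadded base64url of the DER."""
    match = PEM_RE.search(raw)
    if match:  # PEM: drop header/footer and line breaks, decode to DER bytes
        try:
            raw = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("PEM body is not valid base64") from exc
    if not is_single_der_sequence(raw):
        raise ValueError("input is neither a PEM CSR nor DER bytes")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def field_problems(value):
    """Return the reasons a string is not a usable 'csr' field value."""
    checks = [("-----BEGIN", "PEM header/footer present"),
              (r"[\s\\]", "whitespace, newline or backslash escape present"),
              ("=", "base64 padding present"),
              (r"[+/]", "standard base64 alphabet used instead of base64url")]
    return [msg for pattern, msg in checks if re.search(pattern, value)]

if __name__ == "__main__":
    print(csr_to_acme_field(SAMPLE_PEM))       # same output for PEM and DER input
    print(field_problems(SAMPLE_PEM.decode()))
```

When reading a DER file for this, open it in binary mode (`'rb'`) so the bytes reach the encoder unchanged.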
here is the raw DER file
I just use the origin python way to open the DER file.
rg305
December 21, 2020, 8:29am
16
It can't have spaces - so that is just incorrect (or this site is altering your posted text).
rg305
December 21, 2020, 8:29am
17
Where are you going with that?
A. it needs to be PEM encoded
B. What does the procedure csr_file.read() do?
rg305
December 21, 2020, 8:31am
18
All of which should be happening in this one line:
em...
Base64url on payload will be done in the function send_to_letsencrypt()
rg305
December 21, 2020, 8:36am
20
Let's begin at the beginning...
Your initial post shows:
followed by:
Don't you see how those two are different?