What format of csr parameter in ACME protocol

But I saw the '\n' in your csr parameter

Where?
After the end quote?

1 Like

Oh , it does not work.

em.... you can find it . '\n'

"csr": "MIICvzCCAacCAQAwejELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUJKIFN0cmVl
dDEQ\nMA4
GA1UEBwwHQmVpamluZzESMBAGA1UECgwJUWluZ0Nsb3VkMRcwFQYDVQQLDA
5E\nZXY
gRGVwYXJ0bWVudDEYMBYGA1UEAwwPbGV0c2VuY3J5cHQudG9wMIIBIjANB
gkq\nhkiG9w
0BAQEFAAOCAQ8AMIIBCgKCAQEAt6snycLptLaARz3Dwq6jtToUd3jIa
6wu\nEkg8b4kP
62vba50qDvBDbvrOAZU8+4WZka3HFmyMNHANklFugJIC6FhSKpu23
JLs\n9jO2tDJ2a8s
zpBrpFH355mSGr+Rw59HVQDJbyiq5LbjvuARWU9SMnXllFIv
LZShU\nAXWjW
CshvKWqJZ4M0l06SvCxxWXaDSqc7FLW2BjB8Y4FgehkH5g+yE9saw
z6QqpL\n26TFYP4
DfOsd91mtJjLJojEJ4lTfHRO/YVqLzgNdCNYil3/ib+uogci5CE6sVf2C\nAy/Y1zf1Gh1QAYd/KxH96L5XyrBWKkaGUjMH2dBr8M0eSIk6qCIgxwIDAQABoAAw\nDQYJKoZIhvcNAQELBQADggEBAD6G17rOy5qDM4W5hy1PDLmKEg/OQDrF9X0MclrN\ntDw1ecvI4qd/ZYdvWna4bQx0B+KLjsIEffQdr8K+fff6ARxf9SBpt3gzpYWsrNe3\n+TWAXkAfv4zu3lcGWWu4VmG/6/kn/Rf6rlweACnKRhpSB7ZmeDfHTlPJ6kdu5ets\n7KtVEkCD7fZjADVxMYeOMAuClF2bmsL7GCH6nz2ELqPKS8N3BNJW+HDQe3rBgeQs\nvnV8daG1KQ7N4XZ7+2ug3AAqcMKADBeAZq3Tneq7ZQCQNAxkXgqTaFauqNaYTUJg\nugbgMmvNNvCeKCOTB50szgd1JYtk47W6knf9awRyMh1pKLg="}

Did you see it ?

The CSR field is the base64url(der) encoding without padding of the DER version (bytes) of your CSR, so the content is base64 encoded without any newlines or padding characters.

1 Like

See: How do I debug this? - Client dev - Let's Encrypt Community Support

1 Like

As far as I know,

DER file is encoded into a binary content.

How to remove the newline character in it ?

1 Like

    csr_file = open('./CSR.csr.der', 'r')
    csr_str = csr_file.read()
    print csr_str

    req_url = 'https://acme-staging-v02.api.letsencrypt.org/acme/finalize/xxx/xxx'
    kid = 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/xxx'
    resp_headers, resp_body = send_to_letsencrypt(
        url=req_url,
        protected_header=protected_header_,
        payload={
            'csr': csr_str
        },
        account_key_dict=key_dict,
        account_url=kid
    )
    pp(resp_headers)
    pp(resp_body)


What you post here is altered.
Unless you use three backticsks above and below your post.

```
your post
```

As shown, yes, there are spaces and returns:
image

1 Like

Oh, did you see the '\n' before the yellow area?

Unless you show that function/procedure, there is no way to know.

1 Like

DER is a binary (bytes) format and doesn't look like text. If your file looks like MIICvzCCAacCAQAwejELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUJKIFN0cmVl
dDEQ etc then it's actually a PEM file (base64 encoded with padding characters). You need the same thing converted to bytes and then base64url encoded.

1 Like

here is the raw DER file

I just use the origin python way to open the DER file.

1 Like

It can't have spaces - so that is just incorrect (or this site is altering your posted text).

Where are you going with that?
A. it needs to be PEM encoded
B. What does the procedre csr_file.read() do?

1 Like

All of which should be happening in this one line:

1 Like

em...

Base64url on payload will be done in the function send_to_letsencrypt()

Let's begin at the begining...
Your initial post shows:
image
followed by:
image

don't you see how those two are different?

1 Like

Yes, I have remove the

'-----BEGIN CERTIFICATE REQUEST-----'

and

'-----END CERTIFICATE REQUEST-----'

and

the newline in this big string.

But get the same error response.

Did you mean transform the newline into '\n' character ?

So you don't want to follow the instructions.
It will be encoded later so no need to encode it now - bad logic.

1 Like