Why I cannot see my account (Method not allowed)?


#1

Hello,

I have a link to my account:
https://acme-v01.api.letsencrypt.org/acme/reg/6807646

This link shows the same info eqch time:
{
  "type": "urn:acme:error:malformed",
  "detail": "Method not allowed",
  "status": 405
}

Doesn’t metter which method I am using: GET, HEAD, PUT, DELETE, POST.

Should it be like so?

Sincerely,
Alexandr


#2

Hi @porunov,

Only POST is allowed to /reg. Are you certain you are receiving a malformed error with the “Method not allowed” detail when you POST?


#3

Here is what I am getting:

# curl -X POST https://acme-v01.api.letsencrypt.org/acme/reg/6807646
{
  "type": "urn:acme:error:malformed",
  "detail": "Parse error reading JWS",
  "status": 400
}

#4

Right, with POST as the HTTP method you don’t get a “Method not allowed” error. :tada:

What are you trying to accomplish overall? Retrieving your account details? Have you considered trying to accomplish this with one of the existing ACME clients? It would probably be easier than trying to construct raw ACME requests by hand.

If you’re implementing this as a feature for your own ACME client, or absolutely must do it by hand, then you should look at ACME draft-04, Section 6.3 - Registration. Specifically the very last paragraph:

Servers SHOULD NOT respond to GET requests for registration resources
as these requests are not authenticated. If a client wishes to query
the server for information about its account (e.g., to examine the
"contact" or “certificates” fields), then it SHOULD do so by sending
a POST request with an empty update. That is, it should send a JWS
whose payload is trivial ({}).

Hopefully that helps explain the “Parse error reading JWS” error you are receiving. You sent a POST with an empty body, no JWS payload. You need to send a POST with a trivial payload signed by your account’s registered JWK.


#5

Thank you very much for explanation! Now it is clear.
Right now I try to implement an acme-client based on this java acme-client:
shred/acme4j

There is a problem that this client cannot retrieve a list of account certificates and a list of account authorizations. So, I try to figure out where is a problem :slight_smile:

Thanks one more time for your help

Sincerely,
Alexandr


#6

Happy to help! Good luck!


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.