Why I cannot see my account (Method not allowed)?

porunov · December 1, 2016, 8:16pm

Hello,

I have a link to my account:
https://acme-v01.api.letsencrypt.org/acme/reg/6807646

This link shows the same info eqch time:
{
  "type": "urn:acme:error:malformed",
  "detail": "Method not allowed",
  "status": 405
}

Doesn’t metter which method I am using: GET, HEAD, PUT, DELETE, POST.

Should it be like so?

Sincerely,
Alexandr

cpu · December 1, 2016, 8:26pm

Hi @porunov,

Only POST is allowed to /reg. Are you certain you are receiving a malformed error with the “Method not allowed” detail when you POST?

porunov · December 1, 2016, 8:57pm

Here is what I am getting:

# curl -X POST https://acme-v01.api.letsencrypt.org/acme/reg/6807646
{
  "type": "urn:acme:error:malformed",
  "detail": "Parse error reading JWS",
  "status": 400
}

cpu · December 1, 2016, 9:11pm

Right, with POST as the HTTP method you don't get a "Method not allowed" error.

What are you trying to accomplish overall? Retrieving your account details? Have you considered trying to accomplish this with one of the existing ACME clients? It would probably be easier than trying to construct raw ACME requests by hand.

If you're implementing this as a feature for your own ACME client, or absolutely must do it by hand, then you should look at ACME draft-04, Section 6.3 - Registration. Specifically the very last paragraph:

Servers SHOULD NOT respond to GET requests for registration resources
as these requests are not authenticated. If a client wishes to query
the server for information about its account (e.g., to examine the
"contact" or "certificates" fields), then it SHOULD do so by sending
a POST request with an empty update. That is, it should send a JWS
whose payload is trivial ({}).

Hopefully that helps explain the "Parse error reading JWS" error you are receiving. You sent a POST with an empty body, no JWS payload. You need to send a POST with a trivial payload signed by your account's registered JWK.

porunov · December 1, 2016, 9:22pm

Thank you very much for explanation! Now it is clear.
Right now I try to implement an acme-client based on this java acme-client:
shred/acme4j

There is a problem that this client cannot retrieve a list of account certificates and a list of account authorizations. So, I try to figure out where is a problem

Thanks one more time for your help

Sincerely,
Alexandr

cpu · December 1, 2016, 9:26pm

Happy to help! Good luck!

system · December 31, 2016, 9:27pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.