Comments (7)
Howdy, in your console, it should have printed out an error object (might be called "cert_xhr"). Can you please post what's in that cert_xhr.responseText? Thanks!
from gethttpsforfree.
I was able to repeat this case.
A HTTP 409 (OK) was returned at step 3, but the program showed "Step 3 Completed" and didn't stop me from entering step 4 & 5.
Details of my step 3:
URL:https://acme-v01.api.letsencrypt.org/acme/new-reg
(POST)
Response:{"type":"urn:acme:error:malformed","detail":"Registration key is already in use","status":409}
Step 4 was passed with no errors.
Step 5 failed with Error: Certificate signature failed. Please start back at Step 1.
.
Details of my step 5:
URL:https://acme-v01.api.letsencrypt.org/acme/new-cert
(POST)
Response:{"type":"urn:acme:error:malformed","detail":"Error creating new cert :: Certificate public key must be different than account key","status":400}
(HTTP 400)
My console output: (google chrome)
POST https://acme-v01.api.letsencrypt.org/acme/new-reg 409 (OK)
POST https://acme-v01.api.letsencrypt.org/acme/new-cert 400 (OK)
error XMLHttpRequest {}onabort: nullonerror: nullonload: nullonloadend: nullonloadstart: nullonprogress: nullonreadystatechange: ()arguments: nullcaller: nulllength: 0name: ""prototype: cert_xhr.onreadystatechangeconstructor: ()__proto__: Object__proto__: ()<function scope>ontimeout: nullreadyState: 4response: ArrayBufferresponseType: "arraybuffer"responseURL: "https://acme-v01.api.letsencrypt.org/acme/new-cert"status: 400statusText: "OK"timeout: 0upload: XMLHttpRequestUploadwithCredentials: false__proto__: XMLHttpRequest
from gethttpsforfree.
@shamiao This is expected behavior. You cannot use the same private key for the both your Let's Encrypt account key and your domain's CSR. I've updated the website to make this error type more clear.
from gethttpsforfree.
thank you very much, I've already got my valid certificate.
from gethttpsforfree.
@diafygi I have tried all methods, including client, but nothing works. httpsforfree returns
Step 5: Install Certificate (Error: Certificate signature failed. Please start back at Step 1. {"type":"urn:acme:error:malformed","detail":"Error unmarshaling certificate request","status":400})
for every attempt. I have tried for several days now. I have installed the client (which does nothing more than update, then times out on version), I have tried httpsforfree byserving the data and even stopping the apache server and running the python server. I see that the data was picked up, but I always get 400. What does the "unmarshaling" mean?
from gethttpsforfree.
I just hit the same issue. I DO have a separate account.key and domain.key, but nothing in the process uses the domain.key as instructed at https://gethttpsforfree.com/ In fact, the text "domain.key" doesn't even appear and reading through it, I don't see where it would be. To my knowledge, that shouldn't even come into play until I've been given a domain.crt, then I would install the 2 on my server. I was expecting step 5 to give me a domain.crt so even the title "Install Certificate" seems odd.
Given that, can you tell me where I've gone wrong or become confused? Seems like this at least a UI issue, but without knowing where I've gone wrong, I couldn't say.
from gethttpsforfree.
After many iterations, I finally created a very simple request and then I finally figured out what was wrong. As the instructions/descriptions say, these are Domain Validated certificates. I had been using a request configuration from earlier, and it resulted in features/attributes that LetsEncrypt does not support, and unfortunately the message at the end of the process is not very clear. I created a very simple request ( I used the form from an internet provider) and that request worked. Since then I have used the certbot script and have multiple names, and everything works quite well.
As far as the keys, the account key is the private/public pair that you use to access the gethttpsforfree process. The domain key is the private/public pair that are used to create the request, and for using the issued certificate. The form asks for various hashes to be created, which verifies the account key pair, and the issued certificate can be accessed using the domain private key. Both keys are used in the process.
Von: rainabba [mailto:[email protected]]
Gesendet: Dienstag, 19. Juli 2016 23:13
An: diafygi/gethttpsforfree [email protected]
Cc: Herbert, Mark [email protected]; Comment [email protected]
Betreff: Re: [diafygi/gethttpsforfree] Step 5: Install Certificate (Error: Certificate signature failed. Please start back at Step 1.) (#13)
I just hit the same issue. I DO have a separate account.key and domain.key, but nothing in the process uses the domain.key as instructed at https://gethttpsforfree.com/ In fact, the text "domain.key" doesn't even appear and reading through it, I don't see where it would be. To my knowledge, that shouldn't even come into play until I've been given a domain.crt, then I would install the 2 on my server. I was expecting step 5 to give me a domain.crt so even the title "Install Certificate" seems odd.
Given that, can you tell me where I've gone wrong or become confused? Seems like this at least a UI issue, but without knowing where I've gone wrong, I couldn't say.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com//issues/13#issuecomment-233767619, or mute the threadhttps://github.com/notifications/unsubscribe-auth/APzs4zvT6of3H-H2tZx7TF4WbVb0yA_6ks5qXT3egaJpZM4GujTZ.
from gethttpsforfree.
Related Issues (20)
- We translated gethttpsforfree into Chinese. HOT 1
- need a page to renew certificates HOT 2
- Error on Step 4: Verify Ownership HOT 2
- Wildcard support HOT 1
- Locally hosted semi-automated operation for externally hosted cert renewals HOT 2
- Node.js package and longer periods of time ? HOT 2
- hex2b64 returning null - Step 3 Accept terms not working. HOT 3
- Welcome to use automatic RSA signature JS tool, 3KB size🎉😊🎉 HOT 3
- Unauthenticated resource GETs on ACME v2 HOT 6
- I can't register an ecc account.key HOT 1
- Step 4: Verify Owner Keeps Failing HOT 2
- Getting a urn:ietf:params:acme:error:malformed error even though pub-key was created from priv key HOT 1
- -bash: syntax error near unexpected token `('
- Error in Step 3: Sign API Requests
- Feature Request: Preferred chain HOT 1
- Can't find files to serve for challenges HOT 1
- Error in Step 3: Account registration failed. Please start back at Step 1. HOT 14
- Step 5, Signed Certificate Chain 3 certs HOT 3
- ISRG Root X1 still verified by DST Root CA X3 HOT 2
- If you need to manually obtain the certificate, here is the easy-to-use web page ACME client on the browser, supports RSA and ECC, welcome to use🎉 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gethttpsforfree.