Step 5: Install Certificate (Error: Certificate signature failed. Please start back at Step 1.) about gethttpsforfree HOT 7 CLOSED

Howdy, in your console, it should have printed out an error object (might be called "cert_xhr"). Can you please post what's in that cert_xhr.responseText? Thanks!

from gethttpsforfree.

I was able to repeat this case.

A HTTP 409 (OK) was returned at step 3, but the program showed "Step 3 Completed" and didn't stop me from entering step 4 & 5.

Details of my step 3:
URL: https://acme-v01.api.letsencrypt.org/acme/new-reg (POST)
Response: {"type":"urn:acme:error:malformed","detail":"Registration key is already in use","status":409}

Step 4 was passed with no errors.

Step 5 failed with Error: Certificate signature failed. Please start back at Step 1..

Details of my step 5:
URL: https://acme-v01.api.letsencrypt.org/acme/new-cert (POST)
Response: {"type":"urn:acme:error:malformed","detail":"Error creating new cert :: Certificate public key must be different than account key","status":400} (HTTP 400)

My console output: (google chrome)

POST https://acme-v01.api.letsencrypt.org/acme/new-reg 409 (OK)
POST https://acme-v01.api.letsencrypt.org/acme/new-cert 400 (OK)
error XMLHttpRequest {}onabort: nullonerror: nullonload: nullonloadend: nullonloadstart: nullonprogress: nullonreadystatechange: ()arguments: nullcaller: nulllength: 0name: ""prototype: cert_xhr.onreadystatechangeconstructor: ()__proto__: Object__proto__: ()<function scope>ontimeout: nullreadyState: 4response: ArrayBufferresponseType: "arraybuffer"responseURL: "https://acme-v01.api.letsencrypt.org/acme/new-cert"status: 400statusText: "OK"timeout: 0upload: XMLHttpRequestUploadwithCredentials: false__proto__: XMLHttpRequest

from gethttpsforfree.

@shamiao This is expected behavior. You cannot use the same private key for the both your Let's Encrypt account key and your domain's CSR. I've updated the website to make this error type more clear.

from gethttpsforfree.

thank you very much, I've already got my valid certificate. 🍻

from gethttpsforfree.

@diafygi I have tried all methods, including client, but nothing works. httpsforfree returns
Step 5: Install Certificate (Error: Certificate signature failed. Please start back at Step 1. {"type":"urn:acme:error:malformed","detail":"Error unmarshaling certificate request","status":400})
for every attempt. I have tried for several days now. I have installed the client (which does nothing more than update, then times out on version), I have tried httpsforfree byserving the data and even stopping the apache server and running the python server. I see that the data was picked up, but I always get 400. What does the "unmarshaling" mean?

from gethttpsforfree.

I just hit the same issue. I DO have a separate account.key and domain.key, but nothing in the process uses the domain.key as instructed at https://gethttpsforfree.com/ In fact, the text "domain.key" doesn't even appear and reading through it, I don't see where it would be. To my knowledge, that shouldn't even come into play until I've been given a domain.crt, then I would install the 2 on my server. I was expecting step 5 to give me a domain.crt so even the title "Install Certificate" seems odd.

Given that, can you tell me where I've gone wrong or become confused? Seems like this at least a UI issue, but without knowing where I've gone wrong, I couldn't say.

from gethttpsforfree.

After many iterations, I finally created a very simple request and then I finally figured out what was wrong. As the instructions/descriptions say, these are Domain Validated certificates. I had been using a request configuration from earlier, and it resulted in features/attributes that LetsEncrypt does not support, and unfortunately the message at the end of the process is not very clear. I created a very simple request ( I used the form from an internet provider) and that request worked. Since then I have used the certbot script and have multiple names, and everything works quite well.

As far as the keys, the account key is the private/public pair that you use to access the gethttpsforfree process. The domain key is the private/public pair that are used to create the request, and for using the issued certificate. The form asks for various hashes to be created, which verifies the account key pair, and the issued certificate can be accessed using the domain private key. Both keys are used in the process.

Von: rainabba [mailto:[email protected]]
Gesendet: Dienstag, 19. Juli 2016 23:13
An: diafygi/gethttpsforfree [email protected]
Cc: Herbert, Mark [email protected]; Comment [email protected]
Betreff: Re: [diafygi/gethttpsforfree] Step 5: Install Certificate (Error: Certificate signature failed. Please start back at Step 1.) (#13)

I just hit the same issue. I DO have a separate account.key and domain.key, but nothing in the process uses the domain.key as instructed at https://gethttpsforfree.com/ In fact, the text "domain.key" doesn't even appear and reading through it, I don't see where it would be. To my knowledge, that shouldn't even come into play until I've been given a domain.crt, then I would install the 2 on my server. I was expecting step 5 to give me a domain.crt so even the title "Install Certificate" seems odd.

Given that, can you tell me where I've gone wrong or become confused? Seems like this at least a UI issue, but without knowing where I've gone wrong, I couldn't say.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com//issues/13#issuecomment-233767619, or mute the threadhttps://github.com/notifications/unsubscribe-auth/APzs4zvT6of3H-H2tZx7TF4WbVb0yA_6ks5qXT3egaJpZM4GujTZ.

from gethttpsforfree.