Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error in Step 3: Account registration failed. Please start back at Step 1. #175

Open
helamonster opened this issue Feb 6, 2021 · 14 comments
Open

Error in Step 3: Account registration failed. Please start back at Step 1. #175

helamonster opened this issue Feb 6, 2021 · 14 comments

Comments

@helamonster
Copy link

helamonster commented Feb 6, 2021
edited
Loading

Step 1 and 2 worked fine but in step 3 I get the following error:

Error: Account registration failed. Please start back at Step 1. { "type": "urn:ietf:params:acme:error:badNonce", "detail": "JWS has an invalid anti-replay nonce: "0103QwMp1UWXcX5B5sSQBIDWzJL5ak3waWsArRm_875tX3A"", "status": 400 }

I tried a second time and got the following error:

Error: Account registration failed. Please start back at Step 1. { "type": "urn:ietf:params:acme:error:malformed", "detail": "JWS verification error", "status": 400 }

I entered the single line output of the echo -n "eyJ1...1ZX0" | openssl dgst -sha256 -hex -sign $PRIV_KEY" command as:
(stdin)= 1a7f....0835
(actual full strings shortened here for brevity).

Maybe the nonce part of the ACME protocol changed or something?
@wstanczewski
Copy link

I'm facing exact same issue

@Akkilah
Copy link

Akkilah commented Feb 16, 2021

same here ..

@BlerasKRT
Copy link

same...

@Akkilah
Copy link

Akkilah commented Feb 16, 2021

me too

@Petermhen
Copy link

Same error as well. Appears that site is indeed broken at step 3

@Petermhen
Copy link

For anyone looking for another solution to create a certificate manually on your local computer, you can use Certbot with the --manual flag & dns validation, as explained here https://help.datica.com/hc/en-us/articles/360044373551-Creating-and-Deploying-a-LetsEncrypt-Certificate-Manually

You may need to change your network interface's MTU size if certbot returns "connection reset", as explained here https://community.letsencrypt.org/t/error-coming-through-when-trying-to-get-ssl-verified-with-my-domain/118654/9

@coupontom
Copy link

This happens to me when trying to use the wrong account public key for the domain im trying to generate a cert for. Generating a new public key works for me in this case.

@henkkasoft
Copy link

I finally managed to get the certificate with https://gethttpsforfree.com/
Here are the issues I faced if someone else want to get Lets Encrypt Certificate (without Certbot)

  1. You will have to generate two certificates. account and the one for your domain. For the latter one you generate the CSR. Remember to give the domain you are using it for and your email. (Don't know if anything else is important)
sudo openssl genrsa -out account.key 2048
sudo openssl rsa -in account.key -pubout -out account_public.key
sudo openssl genrsa -out domain.key 2048
sudo openssl rsa -in domain.key -pubout -out domain_public.key
sudo openssl req -new -key domain.key -out domain.csr
  1. You have to be fast (it is so silly but true) There are plenty of steps you have to paste (stdin)=bd0d8554... staff and for some reason it have to be done fast.
  2. (stdin)=bd0d8554... staff was also containing line breaks when copied, so I have to paste them first to editor and remove them
  3. Don't know it the Verify Ownership with DNS record have to be fast. But it is the same when trying again (with same cert), so second time you can just "I can see the TXT record" immediately
  4. Finally when you receive your cert there are 3 of them. The domain one is the first one. And it was working with my https API
  5. When done manually like this, I think it have to be done again after 90 days. (So doing everything with certbot so that it will automate renewal might be good idea at least for long run)

But just that you know gethttpsforfree is working 2022! Even the repo is quite inactive.

@sensboston
Copy link

I finally managed
...
2. You have to be fast (it is so silly but true)

Non-working script, idiotic geek-shmick "free" CA with install method not working for the most of the people :( Wasted a lot of time, got NOTHING :(

How "fast" I should be?! What the idiotic suggestion?!

@henkkasoft
Copy link

Non-working script, idiotic geek-shmick "free" CA with install method not working for the most of the people :( Wasted a lot of time, got NOTHING :(

How "fast" I should be?! What the idiotic suggestion?!

I feel you @sensboston. I had so many frustration while doing this. Still don't understand why sharing my usage experiences here are idiotic?

I just wanted to describe to others how I finally was able to use this successfully. I think i made it clear it was not easy and sure it is almost impossible to use but I managed to do so with these instructions.

It is not my fault the process is buggy but I noticed that it works if the steps is executed in fast enough pace. I don't have any absolute time frame. Fast enough for me was when it didn't fail anymore. It did fail so many times either because of this or copy/paste error that I also thought it didn't work. Just wanted try "just one more time" enough times.

@sensboston
Copy link

Still don't understand why sharing my usage experiences here are idiotic?

Simple because of this:

You have to be fast (it is so silly but true)

Yes, it's silly and idiotic, software world isn't working this way. And try to tell your idiotic (yes, it's IDIOTIC!) suggestions to the people with disability, to push 'em retry process without any chance of luck :(

... if the steps is executed in fast enough pace. I don't have any absolute time frame. Fast enough for me was when it didn't fail anymore.

Double, triple IDIOTIC!

@henkkasoft
Copy link

Yes, it's silly and idiotic, software world isn't working this way. And try to tell your idiotic (yes, it's IDIOTIC!) suggestions to the people with disability, to push 'em retry process without any chance of luck :(

You're being rude because you blame on me that you wasted your time. If software world is never time dependent and my suggestions were so idiotic why did you decide to try... actually i don't want to know.

For everyone else I want to tell that I have successfully used this 3-4 times and always it fails a couple of times when I am not fast enough with my copy/paste. So it is up to everyone if you want to give a chance for this. Cannot recommend but if you don't have any other solution... maybe you get it to work like me.

@Petermhen
Copy link

Petermhen commented Dec 22, 2022
edited
Loading

Double, triple IDIOTIC!

I understand your frustration at your time being wasted and maybe it's a language barrier issue, but you are being a bit rude & entitled to someone who's sharing his experience to help others for free.

The code is free and open, you're welcome to fix it if you feel so strongly about it.

@xiangyuecn
Copy link

If you encounter problems, you can try my webpage: https://xiangyuecn.github.io/ACME-HTML-Web-Browser-Client/ACME-HTML-Web-Browser-Client.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@sensboston @coupontom @helamonster @Akkilah @Petermhen @xiangyuecn @wstanczewski @henkkasoft @BlerasKRT