Generate your own key if you want a specific type of curve, same as if you want a specific key length with RSA. See "GENERATING ECDSA SERVER CERTIFICATES" in ssl(8) and set things to use one of the curves allowed by the CA. acme-client will use your own key if it already exists; otherwise it will create a new 4096-bit RSA key or secp384r1 ECDSA key by default.

--
 Sent from a phone, apologies for poor formatting.

On 4 November 2020 20:29:57 K R <[email protected]> wrote:

Synopsis:      acme-client won't work with buypass.com ECDSA domain keys
Category:      system sparc64
Environment:
       System      : OpenBSD 6.8
       Details     : OpenBSD 6.8 (GENERIC) #477: Sun Oct  4 20:36:17 MDT 2020
                        [email protected]:/usr/src/sys/arch/sparc64/compile/GENERIC

       Architecture: OpenBSD.sparc64
       Machine     : sparc64
Description:

When using an ecdsa domain key with buypass.com, acme-client
receives this error:

 "Curve is not of type secp256r1 or prime256v1"

How-To-Repeat:

With the following conf, the error below is shown:

------------------------------------------------------------------------
domain example.org {
       alternative names { www.example.org }
       domain key "/etc/ssl/private/example.org.key" ecdsa
       domain full chain certificate "/etc/ssl/example.org.fullchain.pem"
       sign with buypass
}
------------------------------------------------------------------------
server# acme-client -v example.org
acme-client: https://api.buypass.com/acme/directory: directories
acme-client: api.buypass.com: DNS: 185.62.162.162
acme-client: https://api.buypass.com/acme/order/-VX9VLMpbD5HUKIR39u0bE4Dvk-U15VWUi9lO406Lxo/finalize: certificate
acme-client: https://api.buypass.com/acme/order/-VX9VLMpbD5HUKIR39u0bE4Dvk-U15VWUi9lO406Lxo/finalize: bad HTTP: 400
acme-client: transfer buffer: [{"type":"urn:ietf:params:acme:error:malformed","detail":"Curve is not of type secp256r1 or prime256v1","code":400,"message":"MALFORMED_BAD_REQUEST","details":"HTTP 400 Bad Request"}] (181 bytes)
acme-client: bad exit: netproc(9045): 1
------------------------------------------------------------------------
Fix:
       Unknown.

-EOF
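
The advice in the reply, as an added example that is not part of the original thread: pre-create the domain key on the curve named in the CA's error, and detect an existing key on a different curve, since acme-client reuses whatever key is already at that path. The function names are hypothetical; the key path is the one from the report's acme-client.conf.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# openssl calls the curve "prime256v1"; secp256r1 is another name for it.

# Print the named curve of an EC private key, e.g. "prime256v1".
key_curve() {
    openssl ec -in "$1" -noout -text 2>/dev/null | sed -n 's/^ASN1 OID: //p'
}

# Create an EC key on curve $2 at path $1 unless a key file already exists.
# Returns 0 only if the key at $1 is on the wanted curve. An existing key
# is never overwritten: a mismatch is reported so it can be moved aside.
ensure_domain_key() {
    key=$1
    want=$2
    if [ ! -e "$key" ]; then
        # umask keeps the new private key readable by its owner only.
        ( umask 077 &&
          openssl ecparam -name "$want" -genkey -noout -out "$key" ) \
            2>/dev/null || return 1
    fi
    have=$(key_curve "$key")
    if [ "$have" != "$want" ]; then
        echo "$key: curve is '${have:-unknown}', wanted '$want'; not overwriting" >&2
        return 1
    fi
    echo "$key: $have"
}

# Usage, as root, before running acme-client:
#   ensure_domain_key /etc/ssl/private/example.org.key prime256v1
```

A key left behind by the failed run above would be on the default secp384r1 curve, so the function reports the mismatch instead of replacing the file.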
