#1 2023-10-08 03:14:29

lfyey121
Member
From: china
Registered: 2022-08-25
Posts: 58

mormot.net.acme error

An error occurred while calling the CompleteDomainRegistration function:

   EXC   EJwsHttp {Message:"Error 400 [Error parsing certificate request: asn1: structure error: tags don't match (16 vs {class:0 tag:13 length:45 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} certificateRequest @2] while querying https://acme-v02.api.letsencrypt.org/acme/finalize/1349321746/213579860876"} [CheckCertificates] at 4c4526


#2 2023-10-10 10:16:02

Chaa
Member
Registered: 2011-03-26
Posts: 245

Re: mormot.net.acme error

Please try the following changes:

--- a/src/net/mormot.net.acme.pas
+++ b/src/net/mormot.net.acme.pas
@@ -868,8 +868,8 @@ var
 begin
   try
     // Generate a new PKCS#10 Certificate Signing Request
-    csr := fHttpClient.fCert.CertAlgo.CreateSelfSignedCsr(
-      fSubjects, aPrivateKeyPassword, pk);
+    csr := PemToDer(fHttpClient.fCert.CertAlgo.CreateSelfSignedCsr(
+      fSubjects, aPrivateKeyPassword, pk));
     // Before sending a POST request to the server, an ACME client needs to
     // have a fresh anti-replay nonce to put in the "nonce" header of the JWS
     fHttpClient.Head(fNewNonce);
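Review bot: the hunk replaces the raw CreateSelfSignedCsr result with PemToDer(...) but leaves no comment saying why, so the next reader may "simplify" it away; add a line above the csr assignment noting that CreateSelfSignedCsr returns PEM while RFC 8555 section 7.4 requires the finalize "csr" field to be base64url of the DER-encoded PKCS#10 request. The error in post #1 is consistent with exactly that mismatch: the CA expected SEQUENCE (tag 16) and instead saw class 0, tag 13, compound, length 45, which is what the two leading '-' bytes (0x2D = 45) of a PEM header decode to as an ASN.1 identifier/length pair. Worth also confirming that PemToDer passes non-PEM input through unchanged, so the call stays correct if CreateSelfSignedCsr is ever changed to return DER.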

Note, there is added PemToDer conversion.

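The failure in post #1 and the fix in post #2, shown end to end as an added example (written for this page; not mORMot2's code and not from the thread). It assumes nothing about mORMot's API: the PEM/DER helpers are stand-ins for PemToDer, and the sample SEQUENCE is a constructed placeholder for a real PKCS#10 request. It reproduces the exact tag/length values from the error message by reading PEM text as if it were DER, then builds the finalize "csr" value the way RFC 8555 section 7.4 requires.

```python
"""Why Let's Encrypt rejected the CSR, and the PEM-to-DER step that fixes it.

RFC 8555 section 7.4 defines the finalize "csr" field as the base64url
encoding of the DER-encoded PKCS#10 request, without PEM armour.  Sending the
PEM text instead makes the CA read the first two bytes of "-----BEGIN" as an
ASN.1 identifier and length, which is what the thread's error reports:
expected SEQUENCE (tag 16), got class 0, tag 13, compound, length 45.
Added example; the helpers below are not mORMot's own code.
"""
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def decode_asn1_header(data: bytes) -> dict:
    """Decode the identifier octet and a short-form length octet, i.e. the
    first thing a DER parser does with the bytes it is handed."""
    if len(data) < 2:
        raise ValueError("need at least two bytes")
    ident, length = data[0], data[1]
    return {"class": ident >> 6,            # 0 = UNIVERSAL
            "compound": bool(ident & 0x20),  # constructed bit
            "tag": ident & 0x1F,             # 16 = SEQUENCE
            "length": length}                # short form only


def pem_to_der(data: bytes) -> bytes:
    """Strip PEM armour and base64-decode it; pass DER through unchanged."""
    m = PEM_RE.search(data)
    if m is None:
        return data
    return base64.b64decode(b"".join(m.group(2).split()))


def is_der_sequence(data: bytes) -> bool:
    """True when the bytes start like a DER SEQUENCE (every PKCS#10 CSR does)."""
    h = decode_asn1_header(data)
    return h["class"] == 0 and h["compound"] and h["tag"] == 16


def b64url(data: bytes) -> str:
    """JWS base64url without padding, as ACME requires (RFC 7515 appendix C)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def acme_csr_field(csr: bytes) -> str:
    """Build the finalize "csr" value from either a PEM or a DER request."""
    der = pem_to_der(csr)
    if not is_der_sequence(der):
        raise ValueError(f"not a DER SEQUENCE: {decode_asn1_header(der)}")
    return b64url(der)


# Constructed sample: a minimal DER SEQUENCE standing in for a real CSR body.
SAMPLE_DER = bytes.fromhex("3003020105")              # SEQUENCE { INTEGER 5 }
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE REQUEST-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE REQUEST-----\n")

if __name__ == "__main__":
    print("PEM text read as ASN.1 :", decode_asn1_header(SAMPLE_PEM))
    print("DER bytes read as ASN.1:", decode_asn1_header(SAMPLE_DER))
    print("finalize csr field     :", acme_csr_field(SAMPLE_PEM))
```

Running it prints tag 13, compound, length 45 for the PEM bytes and tag 16 for the DER bytes, the same pair the CA reported; acme_csr_field accepts either input form, so a client that normalises this way cannot regress into the bug regardless of what the CSR generator returns.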

#3 2023-10-11 01:07:01

lfyey121
Member
From: china
Registered: 2022-08-25
Posts: 58

Re: mormot.net.acme error

Yes, it works correctly and the certificate file has been generated.

Thanks.


#4 2023-10-11 07:37:00

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,240

Re: mormot.net.acme error

Thanks a lot Chaa for the fix.

Please try with https://github.com/synopse/mORMot2/commit/b8a5e82b

By the way, it may be a good idea to add a sample about mormot.net.acme.
Like a self-hosted HTTPS server based on THttpAsyncServer, with automated Let's Encrypt certificates renewal.


#5 2023-10-11 12:48:50

lfyey121
Member
From: china
Registered: 2022-08-25
Posts: 58

Re: mormot.net.acme error

I use nginx with the settings below, but HTTPS is not accessible. I don't know what the problem is.

server {
        listen       443 ssl;
        server_name  xxx.xx.com;
        ssl_certificate      d://sslkeystore//xxx.xx.com.crt.pem;
        ssl_certificate_key  d://sslkeystore//xxx.xx.com.key.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
       

        location / {
            proxy_pass   http://127.0.0.1:81;
            proxy_redirect     default;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_max_temp_file_size 0;
            proxy_connect_timeout      180;
            proxy_send_timeout         180;
            proxy_read_timeout         180;
            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
    }


#6 2023-10-11 12:52:13

lfyey121
Member
From: china
Registered: 2022-08-25
Posts: 58

Re: mormot.net.acme error

d:\sslkeystore\xxx.xx.com.crt.pem;
d:\sslkeystore\xxx.xx.com.key.pem;

This is the file generated by mormot.net.acme


#7 2023-10-11 19:16:25

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,240
Website

Re: mormot.net.acme error

Can you telnet to the port 443 from localhost ?


#8 2023-10-12 09:40:56

lfyey121
Member
From: china
Registered: 2022-08-25
Posts: 58

Re: mormot.net.acme error

After testing: you cannot set a password when applying for a certificate. When a password is set, the HTTPS service cannot run. After removing the password and re-applying for a certificate, it runs normally.


#9 2023-10-12 09:43:15

lfyey121
Member
From: china
Registered: 2022-08-25
Posts: 58

Re: mormot.net.acme error

gAcmeLetsEncryptServer := TAcmeLetsEncryptServer.Create(TSynLog,
  TAcmeDaemonSettings(settings).keyStoreFolder,
  ACME_LETSENCRYPT_URL {ACME_LETSENCRYPT_DEBUG_URL},
  '', '' {there can be no password here}, -1, '8084');


#10 2023-10-12 10:30:44

Chaa
Member
Registered: 2011-03-26
Posts: 245

Re: mormot.net.acme error

You can try ssl_password_file for nginx (https://nginx.org/en/docs/http/ngx_http … sword_file).
Maybe it helps.


#11 2023-10-12 11:21:51

lfyey121
Member
From: china
Registered: 2022-08-25
Posts: 58

Re: mormot.net.acme error

After many attempts, the ssl_password_file parameter does the job, but strangely, the file name given after this parameter must be a standard Windows path, whereas the certificate file paths must have the '\' replaced with '//'.

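The behaviour found in posts #8 to #11 (the key written with a non-empty password cannot be loaded by nginx until ssl_password_file is set) comes down to whether the PEM private key is passphrase-protected. The following added check is written for this page and is not mORMot's or nginx's code; the sample keys are constructed placeholders rather than real key material, and the file paths are hypothetical. It classifies a key and emits the ssl_* directives a server block needs, refusing to produce a configuration nginx would fail to load.

```python
"""Check whether a PEM private key is passphrase-protected, and so needs
nginx's ssl_password_file, as the thread found in posts #8 to #11.
Added example with no dependency on mORMot; the sample keys are constructed
placeholders, not real key material, and the paths are hypothetical.
"""
import re
from typing import List, Optional

# RFC 7468 gives passphrase-protected PKCS#8 keys their own PEM label; the
# older OpenSSL "traditional" format instead marks encryption with headers.
ENCRYPTED_PKCS8 = re.compile(rb"^-----BEGIN ENCRYPTED PRIVATE KEY-----", re.M)
LEGACY_ENCRYPTED = re.compile(rb"^Proc-Type:\s*4,\s*ENCRYPTED\s*$", re.M)


def key_needs_password(pem: bytes) -> bool:
    """True when nginx cannot load this key without a passphrase."""
    return bool(ENCRYPTED_PKCS8.search(pem) or LEGACY_ENCRYPTED.search(pem))


def nginx_ssl_directives(cert_path: str, key_path: str, pem: bytes,
                         password_file: Optional[str] = None) -> List[str]:
    """Produce the ssl_* lines for a server block, adding ssl_password_file
    only when the key actually requires it.  Raises instead of emitting a
    configuration that nginx would reject at load time."""
    lines = [f"ssl_certificate      {cert_path};",
             f"ssl_certificate_key  {key_path};"]
    if key_needs_password(pem):
        if not password_file:
            raise ValueError(
                "key is passphrase-protected: supply a password file "
                "(ssl_password_file) or re-issue the key without a password")
        lines.append(f"ssl_password_file    {password_file};")
    return lines


# Constructed samples: the bodies are not valid keys, only the framing matters.
PLAIN_KEY = (b"-----BEGIN PRIVATE KEY-----\nMIIBVwIBADANBg==\n"
             b"-----END PRIVATE KEY-----\n")
PKCS8_ENCRYPTED_KEY = (b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIBvTBXBg==\n"
                       b"-----END ENCRYPTED PRIVATE KEY-----\n")
LEGACY_ENCRYPTED_KEY = (b"-----BEGIN RSA PRIVATE KEY-----\n"
                        b"Proc-Type: 4,ENCRYPTED\n"
                        b"DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                        b"QUJDRA==\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, pem in [("plain", PLAIN_KEY), ("pkcs8", PKCS8_ENCRYPTED_KEY),
                      ("legacy", LEGACY_ENCRYPTED_KEY)]:
        print(name, "needs password:", key_needs_password(pem))
    # Hypothetical paths, written with forward slashes as in the posted config.
    print("\n".join(nginx_ssl_directives("d:/sslkeystore/xxx.xx.com.crt.pem",
                                         "d:/sslkeystore/xxx.xx.com.key.pem",
                                         PKCS8_ENCRYPTED_KEY,
                                         "d:/sslkeystore/key.pass")))
```

Two caveats a practitioner would add: the ssl_password_file holds the passphrase in clear text, so it only moves the secret from the key file to another file and must be protected with file permissions at least as strict as the key itself; and the server block posted in #5 still enables TLSv1 and TLSv1.1, which RFC 8996 deprecated, so `ssl_protocols TLSv1.2 TLSv1.3;` is the current baseline once the key problem is solved.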

#12 2023-10-12 11:23:45

lfyey121
Member
From: china
Registered: 2022-08-25
Posts: 58

Re: mormot.net.acme error

Thank you, https is finally working

