1

MALFORMED_BAD_REQUEST while renew an expiring certificate

Hello. I have issue with 2 certificates which are due to expire. I can see in the letsencrypt.log the following message as a result to the following request:
2021-01-04 14:07:59,896:DEBUG:acme.client:Sending POST request to https://api.buypass.com/acme-v02/authz/NLdkznrp_XjB5X86mjmEiI37APbFvQrl8VyS-bynYoo/2
"

2021-01-04 14:08:04,498:DEBUG:requests.packages.urllib3.connectionpool:https://api.buypass.com:443 "POST /acme-v02/authz/NLdkznrp_XjB5X86mjmEiI37APbFvQrl8VyS-bynYoo/2 HTTP/1.1" 400 194
2021-01-04 14:08:04,501:DEBUG:acme.client:Received response:
HTTP 400
Cache-Control: no-store
Content-Language: en
Content-Length: 194
Content-Type: application/problem+json
Date: Mon, 04 Jan 2021 12:07:59 GMT
Mdc-Correlationid: 63a28b82-310f-4ddd-8090-f2831e1c5e5d
Replay-Nonce: YzI5MDBhOGEtODFlYS00ODU0LWIxY2ItOWE5NTE4ZGFhMGMy
Vary: Accept-Encoding
X-Buypass-Internal-Error-Detail-Code: MALFORMED_BAD_REQUEST
Strict-Transport-Security: max-age=63072000

{"type":"urn:ietf:params:acme:error:malformed","detail":"Unable to process challenge, authorization is not pending","code":400,"message":"MALFORMED_BAD_REQUEST","details":"HTTP 400 Bad Request"}
2021-01-04 14:08:04,502:DEBUG:acme.client:Error while responding to a challenge without keyAuthorization in the JWS, your ACME CA server may not support it:
urn:ietf:params:acme:error:malformed :: The request message was malformed :: Unable to process challenge, authorization is not pending
2021-01-04 14:08:04,502:DEBUG:acme.client:Retrying request with keyAuthorization set.

"

Then with the re-try, this was logged:

"

2021-01-04 14:08:09,082:DEBUG:requests.packages.urllib3.connectionpool:https://api.buypass.com:443 "POST /acme-v02/authz/NLdkznrp_XjB5X86mjmEiI37APbFvQrl8VyS-bynYoo/2 HTTP/1.1" 400 194
2021-01-04 14:08:09,083:DEBUG:acme.client:Received response:
HTTP 400
Cache-Control: no-store
Content-Language: en
Content-Length: 194
Content-Type: application/problem+json
Date: Mon, 04 Jan 2021 12:08:04 GMT
Mdc-Correlationid: fc570705-f08a-4712-8e1e-9506d907c72f
Replay-Nonce: Mzc5ZGFkZTMtMTQ4ZS00ZTU5LTk0MDctYjliYTQwMzc2NzAy
Vary: Accept-Encoding
X-Buypass-Internal-Error-Detail-Code: MALFORMED_BAD_REQUEST
Strict-Transport-Security: max-age=63072000

{"type":"urn:ietf:params:acme:error:malformed","detail":"Unable to process challenge, authorization is not pending","code":400,"message":"MALFORMED_BAD_REQUEST","details":"HTTP 400 Bad Request"}
2021-01-04 14:08:09,087:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 158, in _respond
    self._send_responses(aauthzrs, resp, chall_update)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 191, in _send_responses
    self.acme.answer_challenge(achall.challb, resp)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 163, in answer_challenge
    response = self._post(challb.uri, response)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1187, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1201, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1056, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Unable to process challenge, authorization is not pending

2021-01-04 14:08:09,087:DEBUG:certbot.error_handler:Calling registered functions
2021-01-04 14:08:09,087:INFO:certbot.auth_handler:Cleaning up challenges
2021-01-04 14:08:09,436:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1340, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1225, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 318, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 335, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 371, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 158, in _respond
    self._send_responses(aauthzrs, resp, chall_update)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 191, in _send_responses
    self.acme.answer_challenge(achall.challb, resp)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 163, in answer_challenge
    response = self._post(challb.uri, response)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1187, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1201, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1056, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Unable to process challenge, authorization is not pending
2021-01-04 14:08:09,444:ERROR:certbot.log:An unexpected error occurred:
2021-01-04 14:08:09,445:ERROR:certbot.log:The request message was malformed :: Unable to process challenge, authorization is not pending

 

"

This is a certificate with 2 domain names, no wildcard.

Do you have any advice ?

2replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • It seems, that with the latest certbot (docker version) 1.10.1 it can renew the certificates without issues.

    Like 1
  • Hi Jozsef Szilagyi

     

    Thanks for reporting detailed info and update.

     

    Regards,

    Andriy

    Like
Replies are closed
Like1
  • Status Answered
  • 1 Likes
  • 9 mths agoLast active
  • 2Replies closed
  • 88Views
  • 2 Following

Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.

Sign-up using free email domains have been blocked due to increased spam. https://community.forumbee.com/t/63zsyt/blocked-email-domains